Splunk [Data Fabric Search and Data Stream Processor] 2019 .conf Videos w/ Slides

Initial compromises happen on your endpoints, so why are you not Splunking them? In this edition of Splunking The Endpoint, we will tell you exactly what to configure in Splunk, and where, why, and how to do so in order to get unparalleled visibility into threats targeting your network. Not only will we revisit popular operating system and open-source endpoint data sources like Sysmon and Osquery, but we'll also talk about various popular commercial EDR products and give you best practices for collecting data from them. Lastly, we'll help you address any doubts about scale problems and licensing costs. Please bring your laptop! We will dive through the latest Boss of the SOC (BOTS) endpoint data and demonstrate the detection techniques needed to answer BOTS questions. Everything you learn will be something you can take home and put into production immediately.

Speaker(s): James Brodsky, Director, Global Security Kittens, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2007.pdf?podcast=1577146268
Product: Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Are you frustrated with the task of configuring syslog servers yourself to properly ingest data into Splunk? Take control of the syslog beast once and for all and point your "514" traffic to the new Splunk Connect for Syslog! This new Splunk-supported connector makes quick work of past struggles with syslog servers, sourcetyping, data enrichment, and scale. In this session we will dive into the configuration of the Splunk Connect for Syslog to properly filter, sourcetype, and format your data. We will demonstrate several out-of-the-box examples, highlighting new functionality such as HEC and Kafka transport for resiliency and scale, simple extensions for new device types, and data enrichment that extends far beyond simple sourcetyping of the raw message. Lastly, we will look forward to the integration of syslog with Splunk's new Data Stream Processor, and highlight appropriate use cases for each solution. By the time we wrap up, you will know how to tame the syslog beast!

Speaker(s): Ryan Faircloth, Security Product Manager, Splunk; Mark Bonsack, Staff Sales Engineer, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1651.pdf?podcast=1577146268
Product: Splunk Enterprise, Splunk Cloud, Splunk Data Fabric Search and Data Stream Processor
Track: Foundations/Platform
Level: Good for all skill levels

Learn how the T-Mobile Splunk Team uses Splunk Data Stream Processor (DSP) to provide advanced stream manipulation options to its user base. See how DSP is positioned in a large-scale Splunk as a service ecosystem.

Speaker(s): Michael Guenther, Senior Advisory Engineer, Splunk; Dave Cornette, Enterprise Monitoring Architect, T-Mobile
Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1786.pdf?podcast=1577146268
Product: Splunk Data Fabric Search and Data Stream Processor
Track: Foundations/Platform
Level: Good for all skill levels

Do you use Kafka but find yourself limited by what Kafka allows you to do with your data? Would you like to enrich, aggregate, and alert on your data as it moves through Kafka, but can’t figure out how? You can overcome these obstacles by integrating Kafka with the Splunk Data Stream Processor. The Splunk DSP is a data streaming platform that helps you transform and enrich your data. With DSP you can make data-driven decisions in real time as data is ingested. DSP also provides simple ways to build data pipelines, and gives you full control and visibility into your data as it flows through the platform. Apache Kafka is now widely adopted as a foundational element for data pipelines. DSP integrates seamlessly with Kafka clusters, and allows data to be read from Kafka, processed in highly scalable ways, and then written back to Kafka. Join us and see how to use DSP as a streaming engine for Kafka clusters.

Speaker(s): Thor Taylor, Director of Product Management, Splunk; Adam Lamar, Principal Software Engineer, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1987.pdf?podcast=1577146268
Product: Splunk Data Fabric Search and Data Stream Processor
Track: Foundations/Platform
Level: Beginner

How would you go about exploring your data assets using Splunk’s newly available Data Fabric Search? What should you expect when you adopt Data Fabric Search for your Splunk deployments? We will show you how to go about enriching your Splunk searches and navigating through the different search phases to effectively utilize your resources.

Speaker(s): Nikhil Roy, Principal Software Engineer, Splunk; Asha Andrade, Principal Software Engineer, Data Fabric Search, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/FN2143.pdf?podcast=1577146267
Product: Splunk Data Fabric Search and Data Stream Processor
Track: Foundations/Platform
Level: Intermediate

Collect Service is a new scalable method with high availability to collect data for Splunk Cloud Platform or Splunk Enterprise with Data Stream Processor (DSP). This session will cover the basic principles to show you how the Collect Service operates and why you need to use it, how the service is different from modular inputs, and how to leverage Collect Service’s REST API to automate data collection jobs efficiently.

Speaker(s): Jove Zhong, Director, Engineering, Splunk; Poornima Devaraj, Technical Product Manager, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/Dev2236.pdf?podcast=1577146267
Product: Splunk Data Fabric Search and Data Stream Processor, Splunk Developer Cloud
Track: Developer
Level: Beginner

Popular stream processing frameworks (such as Apache Spark Streaming, Apache Flink, and Apache Kafka Streams) make stream processing accessible to developers with language bindings typically in Java, Scala, and Python. These frameworks also include some variant of streaming SQL support to further expand the accessibility of large-scale, low-latency, high-throughput stream processing. What's missing is bringing the world of stream processing to the Business Intelligence user. At Splunk we've built a tool called Splunk Data Stream Processor (DSP) to fill this gap. In this session, Max and Sharon will present the design and architecture of DSP. We will compare it with other stream processing frameworks to show you how DSP allows users to visually author and preview stream processing pipelines and instantly deploy them at scale. We will also present our developer SDKs, allowing third-party custom functions to be developed and integrated for data processing. With its high level abstractions for business users and extensible framework for developers, Data Stream Processor makes stream processing accessible to the widest possible audience.

Speaker(s): Sharon Xie, Sr. Software Engineer, Splunk; Max Feng, Software Engineer, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1317.pdf?podcast=1577146266
Product: Splunk Data Fabric Search and Data Stream Processor
Track: Developer
Level: Intermediate

Have you ever been asked to create a resilient petabyte scale data collection and distribution architecture? Do you need to transform data before it is indexed to remove unnecessary or sensitive data or even enrich the data with a lookup before writing the data to your index? Do you need to detect specific patterns to identify the event line break, event timestamp, or assign the appropriate sourcetype? Do you need to control where to send the data including the specific Splunk Index(es) or even a non-Splunk Sink? If so, we will show you how Splunk’s Data Stream Processor (DSP) can be used to address these requirements to meet both current and future demands. We will walk through the scenarios that customers are dealing with today for these requirements. Finally we will talk about how Universal Forwarder, Heavy Weight Forwarder, and HTTP Event Collector fit into this new data ingestion architecture.

Speaker(s): Blaine Wastell, Product Management Director, Splunk; Thor Taylor, Director of Product Management, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/FN2062.pdf?podcast=1577146266
Product: Splunk Data Fabric Search and Data Stream Processor
Track: Foundations/Platform
Level: Good for all skill levels
