Splunk [Developer Track] 2019 .conf Videos w/ Slides
You think data ingestion into Splunk is cumbersome today? Don’t enjoy writing Technology Add-ons (TA) for specific use cases? Then this talk is for you! We will walk through data ingestion using the data sources supported by the new Splunk Investigate wizard. This allows users of all levels to configure their data source and perform various manipulation functions on the ingested data to make sure it meets their use case. We will also go over the guiding principles of the underlying Data Stream Processing (DSP) pipeline, which empowers the user to add their own customizations and send data to a variety of destinations. We will compare this with the current Splunk Enterprise data ingestion process by configuring a TA for a specific use case and then altering the ingested data to the desired format before sending it to an index. The user will be able to draw a contrast between the two approaches and see how it does not have to take up to 6 weeks to acquire and prepare data for analytics in Splunk. We hope this session leaves the user excited about data ingestion and prep. Speaker(s) Asmita Puri, Sr. Software Engineer, Splunk Eric Sammer, Distinguished Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1140.pdf?podcast=1577146193 Product: Splunk Enterprise, Splunk Developer Cloud Track: Developer Level: Intermediate
Come join two old school Splunkers as we talk about our journey building our first app on Splunk Developer Cloud. We'll discuss the fun parts and the foibles, and hopefully show you that you can teach an old Pony new tricks. Speaker(s) Raanan Dagan, Principal SE Architect, Splunk Kyle Champlin, Senior Product Manager, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1377.pdf?podcast=1577146193 Product: Splunk Cloud, Splunk Developer Cloud Track: Developer Level: Intermediate
You knew it had to happen, Splunk is migrating to Python 3! We want this migration to be as painless as possible for apps and scripts developers, but it necessitates some compatibility requirements. This talk will dive into what parts of your apps and scripts will have to become Python 3 compatible. You’ll explore approaches to using Python community supplied backporting libraries as well as Python 2/3 compatible native syntax. By examining common and uncommon gotchas we found while migrating Splunk Enterprise, we will make sure you are prepared to run your code in the future generations of Splunk Enterprise! Speaker(s) Cory Burke, Principal Software Engineer, Splunk Samat Jain, Senior Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1173.pdf?podcast=1577146193 Product: Splunk Enterprise, Splunk Cloud Track: Developer Level: Advanced
The Federal Election Commission (FEC) is an independent regulatory agency whose purpose is to enforce campaign finance law in US federal elections. The FEC provides a REST API to query all campaign data of every candidate. By collecting and analyzing the direct and indirect (Super PAC) contributions, Splunk can show the relative influence of each candidate of the midterm. Also learn how Splunk powers the Splunk for Good midterm website using Splunk's REST API, HEC, and Amazon S3 hosting. This talk is an update of the 2016 Presidential Election talk from .conf16. Speaker(s) Satoshi Kawasaki, Splunk for Good Ninja, Splunk Corey Marshall, Director, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEVS4G2287.pdf?podcast=1577146193 Product: Splunk Enterprise Track: Developer Level: Advanced
Building Splunk add-ons using APIs and Python is easy! In fact we reckon it's so easy that we're going to build one from scratch in less than 20 minutes... LIVE. Come and see whether we manage to pull it off, or whether we fail in front of hundreds of people! You do not need to be a Python expert, however a basic understanding will help. Speaker(s) James Odom, Head of Service Delivery, Converging Data Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1299.pdf?podcast=1577146193 Product: Splunk Enterprise Track: Developer Level: Intermediate
In the new Splunk Cloud Platform, we’re reimagining the way we enable monitoring and alerting. Configure triggers to identify changes and anomalies in your data as they occur and determine the right action(s) that should be taken as a result – email, Slack, VictorOps, etc. Leverage machine learning to bring your attention to the right insights and roll that back into your core monitoring strategy. Come to this session to learn more about both the long-term vision and what’s immediately available. Speaker(s) Miranda Luna, Product Management, Splunk Declan Shanaghy, Architect Developer Platform, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV2518.pdf?podcast=1577146193 Product: Track: Developer Level:
Vagrant is a virtualization technology that builds portable, virtual software development environments. Leveraging this technology for Splunk development allows agile and DevOps teams to easily collaborate on Splunk development in a way that tightly mirrors their production environment, even when working with a mix of environments such as Mac and Windows. Vagrant’s multi-machine environments can perfectly replicate any Splunk architecture, including complicated clustering and networking configurations, using a single Vagrantfile that can be shared directly or committed to a version control system. From the Forwarder to a search head cluster member, see how your configurations and code work in your environment across the entire data pipeline right on your machine, or test your Splunkbase app on every possible architecture from single server to distributed multi-site clusters, all with a single command: vagrant up. Speaker(s) Jason Rauen, Senior Lead Technologist, Booz Allen Hamilton Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1114.pdf?podcast=1577146193 Product: Splunk Enterprise Track: Developer Level: Intermediate
As a service that has many different integration points, Splunkbase needs to ensure as much uptime as possible. This means that when an incident occurs the root cause needs to be identified, resolved, reviewed and communicated to all relevant parties in a timely manner. Fortunately, Splunk>Investigate has served us very well in achieving these objectives. In this session, we’ll demonstrate how the use of the Splunk>Investigate app on Splunk Cloud Platform (SCP) enables teams to access the same data pool with appropriate authorization to collaborate using shared workbooks. This workflow enables teams to quickly reach a solution when an incident occurs. Speaker(s) Amr Saad, Engineering Manager, Splunk Heather Hunsinger, Senior Software Engineer, Splunk Matthew Erbs, Senior Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1440.pdf?podcast=1577146192 Product: Splunk Developer Cloud Track: Developer Level: Beginner
If you are a customer and want an app installed in Splunk Cloud, the app is required to pass the cloud vetting process. Why does Splunk enforce this? What is in it for you as our customer? Who triggers the cloud vetting process for an app, and how are cloud vetting requests prioritized? If you are an app developer, it is frustrating to receive messages from customers saying that the app you developed fails Splunk Cloud vetting and that they want you to help fix it. How do you fix it? How do you develop an app that has the best chance of passing cloud vetting? What common failures have Splunk Cloud vetting engineers seen, and what are the best practices? Come to this session to get answers to all of the questions above. Speaker(s) Yinqing Hao, Software engineer, Splunk Samuel Ni, Principal Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1881.pdf?podcast=1577146192 Product: Splunk Cloud Track: Developer Level: Good for all skill levels
Collect Service is a new scalable method with high availability to collect data for Splunk Cloud Platform or Splunk Enterprise with Data Stream Processor (DSP). This session will cover the basic principles to show you how the Collect Service operates and why you need to use it, how the service is different from modular inputs, and how to leverage Collect Service’s REST API to automate data collection jobs efficiently. Speaker(s) Jove Zhong, Director, Engineering, Splunk Poornima Devaraj, Technical Product Manager, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/Dev2236.pdf?podcast=1577146192 Product: Splunk Data Fabric Search and Data Stream Processor, Splunk Developer Cloud Track: Developer Level: Beginner
In this session we will walk you through the process of creating a highly customized application experience using React and Splunk's UI and visualization libraries. Speaker(s) Patrick Wied, Senior Software Engineer, Splunk Ziyan Wang, Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1141.pdf?podcast=1577146192 Product: Splunk Developer Cloud Track: Developer Level: Intermediate
Ever had the necessity to have fine-grain control over visualizations on your Splunk dashboards? This talk will show you everything you need to know about how to build your own custom data visualization experience. Work through real-world examples by customizing the very popular Buttercup games dashboard. By the end of this talk, you will be inspired to have your dashboard with your own visualizations and share them with the Splunk community. Speaker(s) Pete Peterson, Principal Software Engineer, Splunk Xianlin Hu, Principal Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV2178.pdf?podcast=1577146192 Product: Splunk Enterprise, Splunk Developer Cloud Track: Developer Level: Advanced
Wouldn't it be great if SPL had a debug mode?! We think so too, which is why we created SPL Rehab. This new app allows you to step through your search on a per-command basis, visualize key figures from the job inspector and search log, and show you how your overall output is affected! We will also show you how the tool works under the covers and how you can apply some useful dashboarding tricks to your own apps! Speaker(s) James Odom, Head of Service Delivery, Converging Data Slides PDF link - https://conf.splunk.com/files/2019/slides/Dev1293.pdf?podcast=1577146192 Product: Splunk Enterprise, Splunk Cloud, Splunk Developer Cloud Track: Developer Level: Intermediate
Unveiled at .conf2018, Splunk Developer Cloud (SDC) gives developers the ability to integrate Splunk data services into their own applications. If you’ve been curious about getting started with SDC, this session is for you. Attendees will discover how to convert a traditional Splunk App to an SDC App, eliminating potential infrastructure resource roadblocks, leveraging more flexible scaling options, and building better visualizations with a modern, React-based framework. We'll also take a deep dive into the differences in the application design and development process between a traditional Splunk App and SDC as we walk you through our internal process of converting one of our homegrown Splunk Apps. Speaker(s) Ashish Bhutiani, CEO, Function1 Kevin Chu, Function1 Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1667.pdf?podcast=1577146192 Product: Splunk Enterprise, Splunk Developer Cloud Track: Developer Level: Intermediate
Popular stream processing frameworks (such as Apache Spark Streaming, Apache Flink, and Apache Kafka Streams) make stream processing accessible to developers with language bindings typically in Java, Scala, and Python. These frameworks also include some variant of streaming SQL support to further expand the accessibility of large-scale, low-latency, high-throughput stream processing. What's missing is bringing the world of stream processing to the Business Intelligence user. At Splunk we've built a tool called Splunk Data Stream Processor (DSP) to fill this gap. In this session, Max and Sharon will present the design and architecture of DSP. We will compare it with other stream processing frameworks to show you how DSP allows users to visually author and preview stream processing pipelines and instantly deploy them at scale. We will also present our developer SDKs, allowing third-party custom functions to be developed and integrated for data processing. With its high level abstractions for business users and extensible framework for developers, Data Stream Processor makes stream processing accessible to the widest possible audience. Speaker(s) Sharon Xie, Sr. Software Engineer, Splunk Max Feng, Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1317.pdf?podcast=1577146192 Product: Splunk Data Fabric Search and Data Stream Processor Track: Developer Level: Intermediate
This session provides detailed guidance on how to integrate the new dashboard framework into Splunk apps. It first goes over the basic getting-started tutorial, which helps developers build a dashboard in just a few minutes. Then it dives deep into the overall architecture, technology stacks, and individual components that can be customized, including layouts, visualizations, data sources, inputs, and event handlers. By attending this session, Splunk app developers will be able to integrate dashboards into their apps flexibly and reliably. This session will also walk through the best practices that can help developers build optimal dashboards. This session is targeted at both new and existing Splunk app developers. For people who already know the existing Splunk technology stack, such as Backbone, SimpleXML, and SplunkJS, this session will also go through how to migrate to the new framework. As a bonus, this session will also talk about how to export dashboards as beautiful images and PDFs that match the originals 100%! Speaker(s) Yuxiang Kou, Senior Software Engineer, Splunk Michael Luo, Principal Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV2165.pdf?podcast=1577146192 Product: Splunk Enterprise, Splunk Cloud, Splunk Developer Cloud Track: Developer Level: Intermediate
Machine Learning on the stream is useful for a few important reasons: in scenarios where we want to dramatically reduce resource utilization while providing high-fidelity results, and in use cases where we need algorithms to adapt to changing patterns and drifts in distributions in real time. In this talk, we will discuss ongoing work in the area of streaming machine learning and show how we leverage Flink and DSP to build real-time machine learning systems that allow us to perform adaptive thresholding and anomaly detection online. As an application of these principles, we will showcase how real-time machine learning is used to detect anomalies in DSP pipelines. The talk will introduce relevant background in streaming machine learning as well as the problem of anomaly detection on Kubernetes logs. Speaker(s) Ram Sriharsha, Sr Principal Scientist, Head of Applied Research, Splunk Harsha Wasalathanrige Don, Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1139.pdf?podcast=1577146192 Product: Splunk Enterprise Track: Developer Level: Intermediate
The Financial Information eXchange (FIX) Protocol is one of the most pervasive electronic communications protocols used for real-time exchange of information related to securities transactions and market data. The protocol is used to move massive quantities of money per day. With over 1600 fields (tags) and 115 message types, the protocol presents some unique challenges to consider when developing an add-on for Splunk. Come see and discuss the protocol and how Splunk can help you make sense of the data it contains to improve your trading, business analytics, security, fraud, and compliance operations. Speaker(s) Josef Kuepker, Staff Security Specialist, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1252.pdf?podcast=1577146192 Product: Splunk Enterprise Track: Developer Level: Intermediate
What is Splunk Cloud Platform (SCP), and how can it be leveraged in new ways current Splunk Cloud cannot? In this session you'll learn what Splunk Cloud Platform has to offer, the core concepts to be successful, and how to use Splunk Developer Cloud (SDC) tools to explore the services and features. Getting started couldn't be easier, and we'll show you how to go from sign-up to running in just a few clicks. You'll be dropped right in the middle of Splunk Investigate where you can access the services and features SCP has to offer (like ingest and search and collaboration tools). But that's not all, because using SDC tools you'll see how easy it is to create your own app to utilize the same SCP features as Splunk Investigate for your own use cases. Come join us for this end-to-end look at Splunk Cloud Platform, and get your head into the clouds! Speaker(s) Andy Nortrup, Sr. Product Manager, Splunk Cecelia Redding, Engineering Manager, Splunk Clif Gordon, Principal Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1396.pdf?podcast=1577146192 Product: Splunk Developer Cloud Track: Developer Level: Good for all skill levels
How would you like a lightweight, fast, cross-platform source code editor that provides syntax highlighting for all Splunk configuration files? Want to edit your remote Splunk configuration files directly from your laptop or desktop? Ever make changes to your Splunk configuration files you wish you could easily undo? All of this can be done from Microsoft Visual Studio (VS) Code installed locally on your favorite operating system. This hands on lab will teach you how to use VS Code for Splunk App Management, including remote file editing, Splunk application best practices, and using GitLab for configuration file version control. Speaker(s) Joe Welsh, Sr. Manager, FDSE, Splunk Erica Pescio, Forward Deployed Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1270.pdf?podcast=1577146192 Product: Splunk Enterprise Track: Developer Level: Beginner
Have you ever had an idea that would improve incident response? I did. I knew I could save security analysts time by providing a tool that enabled analysts to determine if an endpoint had persistent malware present in seconds. However, it would need to integrate seamlessly into their incident response workflow and have a quality user interface. Frankly, that felt like an insurmountable hurdle for someone with little front-end development experience. I was pleasantly surprised to find that even as a solo developer, I was able to create a full-featured Splunk App with an interface that looks like it was designed by someone far more talented. Through a demonstration of my incident response app and a discussion of my experience building it, I’ll show you how Splunk makes it easier and, more importantly, realistic to bring your own ideas to life. I’ll also share a few pain-points I encountered so you can avoid some of the mistakes I made. Speaker(s) Joe Kovacic, Founder, Perseus Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1308.pdf?podcast=1577146191 Product: Splunk Enterprise Track: Developer Level: Intermediate
Learn how to build powerful apps with the Splunk Developer Cloud. Speaker(s) Tedd Hellmann, Sr. Product Manager, Splunk Eric Cheng, Senior Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1476.pdf?podcast=1577146191 Product: AI/ML, Splunk Developer Cloud Track: Developer Level: Intermediate