SplunkLive! Zürich

Hello Splunker,

Swiss_ChoclateGreetings from lovely Switzerland. As well as their great chocolate, this week they also had a lot of Splunkers in town for SplunkLive! Zurich. For the 4th time SplunkLive! was in town eating up all the chocolate.

There were many existing Splunkers exchanging great ideas and growing their knowledge and maturity level in the Splunk curve year over year. There were also a lot of folks who were new to Splunk and got inspired.

As always at SplunkLive!, we have great customers who share the story of their journey with Splunk and what they achieved for their company by being smart and extracting the value out of machine data.

Graphmasters GmbH, Iulian Nitescu, Founder & CTO

Ijulian_GraphmastersGraphmasters is a very innovative company, developing collaborative traffic routing engines that can be used by professional driver fleets as well as consumers. We all rely on navigation systems to give us a heads up about traffic jams. However, at the moment all navigation systems calculate similar journeys to avoid traffic jams, which often creates a second, alternative traffic jam where we then get stuck. Graphmasters has built its NUNAV App to save you time by giving you traffic updates every 15 seconds on your journey and not routing everyone the same way to distribute traffic optimally. Iulian is the CTO and Founder and an expert in graph algorithms.

  • Use Cases and Values:
    • Heartbeat of the system to ensure everything is working properly, preventing downtime
    • Monitoring system load including logical indicators to add additional resources and scale out the environment
    • Predict arrival time accuracy of the users to measure the quality of the service
    • Building traffic profiles from traffic data including visualization of the traffic probes with heat maps, including visualization of the speed on each of the lanes
  • Data Sources:
    • Machine data form the app
    • Data from traffic feeds (own data and purchased data)
    • Internal log data from infrastructure

Swisslos Interkantonale Landeslotterie, Joris Vuffray, Manager Network & System Mangement

Swisslos, the Swiss lottery company, operates as a co-operative enterprise and is active across all of the German-speaking cantons of Switzerland as well as in the Canton of Ticino, in the Italian-speaking part of the country. Swisslos channels all of the profits from its lotteries and sports betting operations directly into projects that fund cultural, social and sporting institutions in the region. Since its inception in 1937, Swisslos has fulfilled this charitable work by offering attractive yet socially responsible gameplay. Its lottery, ticket and card games, online gaming, and sport and horse-race betting activities realised a net profit of 365 million Swiss francs for the company in 2013.

Joris_SwisslosThere is a lot of IT running in the background to support all this, and without IT running smoothly, no money can be earned. Availability is crucial to ensure everything can be processed in time before the bet closes, and IT Security is also an integral part of the business to ensure the integrity of all transactions and bets. Joris spoke previously at SplunkLive! three years ago and also made a video at .Conf. It was interesting to see what new use cases and what additional value Joris found for his Company by travelling along the maturity journey with Splunk.

Use Cases and Values

  • IT-Operations
    • They have pre populated and classified dashboards which results in faster problem detection for the teams
    • Creation of alerts which then get pushed out via SMS, internal chat systems, emails
    • Filling the ticketing systems with Splunk
    • Running Splunk dashboards on large TVs
  • IT-Security
    • With Prelert on top of Splunk they can detect unknown threats very well
    • Security Cross Check Analysis: Lookup table with information on who is allowed to do what – in case of a violation an alert is send out
    • Botnet detection and elimination
    • Elimination of distributed DOS Attacks with Splunk
    • Correlations and alerting based on distances between logon locations
    • Improving the rules on IPS/IDS/Firewall with Splunk
    • Realtime monitoring of internal penetration tests and tracking with Splunk
    • Analysis in case of internal fraud
  • DevOps
    • Support the developer to develop better applications by enabling them to track their application in the production environment
    • Faster to develop new applications that are more stable as everyone speaks the same language and is focused to deliver a good service
  • Business Intelligence
    • Realtime reporting for the BI Team, e.g. tracking e-mail campaigns in real time directly in Splunk
    • Sentiment analysis – early indicator for problems, since if some systems are not working as expected, customers often report this via social media
  • Compliance
    • Regular reports, for example password accesses. The auditors are regularly reviewing multiple IT activities within their IT environment

Overall with Splunk they can better understand how their environment is working, how the business is working and that enables everyone within Swisslos improve the overall service they deliver to customers. It is getting more and more important that IT is focused on how best to support and improve the business.

 

Global Financial Services Company, Jens Tkotz, Splunk Lead Engineer Global Log Management

The Global Financial Services Company is a Switzerland based bank headquartered in Zürich. So it was a home game for Jens from the Global Log Management Team to participate at SplunkLive! Jens has worked with Splunk since 2011, so it was great to see what significant use cases they have and how his journey got more mature over time.

The Bank has several external requirements that they manage with Splunk, like Swiss banking laws, SOX and local banking regulations, as well as internal requirements that influence their strategy. Access management is very important to them, and their role based user access analysis showed they need about 2,000,000 roles. That is quite impressive! Thanks to Splunk Search Filters and scripted authentication they can do secure, two factor authentications as well as dynamically authorizing users based on attributes. That enables them to ensure minimal manageability with maximum data segregation.

As a sponsor we welcomed EMULEX. They presented their Endace Fusion Connector for Splunk.

In the afternoon we had beginner and advanced tracks. In the beginner track everyone got an introduction to how our data models in 6.2 work and how to use them. Within the advanced track everyone learned how Splunk can be used in IT security as well as what values you can get by using Splunk in IT operations.

Thanks a lot to all participants and looking forward to hearing in 2016 how everyone has grown in maturity with the information gained at SplunkLive! Zurich from those great customers.

Happy Splunking,

Matthias