Notes From Splunk .conf 2015 Day One

PartPavWhat a fantastic first day at my first ever Splunk global user conference, .conf15. Last night’s Partner soiree kicked off the fun, bringing our customers and partners together in the expo pavilion over some tasty conference food and free-flowing drinks. Demos everywhere, a gaming space, golf swing analytics, and even a race car – no wonder it was absolutely packed!

The first full day started today with the opening keynote in front of a visibly energized crowd in a packed hall. Over 4000 Splunk customers are attending this year, and .conf is still growing. Not surprising, since this year Splunk chalked up its 10,000th customer.

The keynote was fantastic, among the best I have seen. Dynamic and informative, with a bit of fun and lots of customers, but no BS, no history lessons, no FUD, no preaching, no ego-stroking, no buzzwords, no dogma. Just a warm welcome and four key announcements:

  • Splunk Enterprise 6.3 – breakthrough performance, more advanced analytics and visualizations, and high-volume event collection for DevOps and Internet of Things (IoT) devices.
  • Splunk IT Service Intelligence (ITSI) – a new IT monitoring and analytics solution to provide new levels of visibility into the health and key performance indicators (KPIs) of IT services.
  • Splunk Enterprise Security 4.0 and Splunk User Behavior Analytics (UBA): to help organizations track attackers’ steps and machine learning to detect cyber-attacks and insider threats.

Every announcement included demos of products working, backed with actual customer stories. The new security solutions will be available next month, and the IT solutions are all available immediately. No ‘announceware’, no waiting for delivery next year.

As a former ops guy and now a student of DevOps, the IT Service Intelligence (ITSI) launch made me sit up a listen. With automatic KPIs that will handle dynamic, distributed environments with stunning, highly customizable dashboards, IT Service Intelligence goes beyond traditional monitors.

Splunk ITSI opens up a whole new space with a unique ability to collect, analyze, and correlate data from applications, network monitors, APM tools, wire data, cloud providers, mobile devices, data center infrastructure, web servers and more. Visually mapping services and KPIs over custom visuals puts context into data, uncovers new insights, and translates operational information into business impact. Already over a dozen Splunk customers are using this new solution, including Vodafone, Leidos, EnerNoc, Fiserv and Accenture – including in production.

SplunkshakeSplunk has long been a leader in operations management using big data and machine data, but this keynote also showed how Splunk is also taking the lead on making sense of machine data coming from the Internet of Things (IoT). I especially enjoyed the demo showing the potential for real time mobile analytics. The audience (in person and online) was asked to visit a web page and shake their phones, which generated a ‘shake’ data stream. This was then pulled into Splunk and analyzed in real time for shake speed, top shaker origin, and device type.

This live experiment/demo was a bit of fun, but with a serious purpose. It showed how easy it is to get data from connected devices and into Splunk, without an app, agent, or download – a powerful capability in mobility, and the emerging IoT.

On an even more practical note, it was also fascinating to learn how companies like Target are using Splunk to power their IoT insights; driving efficiency from automated industrial robots in a distribution center.

And finally, it was impressive to see how security pros can use the new Splunk UBA solution to log and trace the workflow of a breach, detecting malicious threats from insiders or outsiders (including outsiders who look like insiders, and v.v.). With a fun short film , the process of building a ‘journal’, showing the end to end lifecycle of a cyber-attack, was truly unique, and a lot of fun.

Of course, I visited many other sessions today as well. This may be the best part about .conf2015 – how many customers want to tell their stories, and how enthusiastic they are about Splunk and what it does for them. There were too many great stories to cover here, but if you follow my Twitter account (@AndiMann) then you would have seen some of the highlights.

Tonight is a party night, which I am sure is going to be awesome. I’ll post more from .conf2015 tomorrow and you can follow all the conversations coming out of .conf2015:



2 Trackbacks

  1. […] Notes From Splunk .conf 2015 Day One (Andi Mann) […]

  2. […] IT Operations perspective.There’s a great blog post series from Splunk’s very own Andi Mann on day 1 and day 2 of .conf. My colleague, Matthias will be writing a blog post from the security angle […]