Using Simple XML and Splunk Enterprise, learn how to create easy interactive dashboards to explore data. This demo showcases great tools to put ion the hands of Splunk users, help desk users and IT Operations staff.

1. Copyright
©
2014
Splunk
Inc.
Ma:hias
Maier
Sales
Engineer,
Splunk
Dashboard
Fun
CreaCng
an
interacCve
TransacCon
Profiler

2. Disclaimer
2
During
the
course
of
this
presentaCon,
we
may
make
forward-­‐looking
statements
regarding
future
events
or
the
expected
performance
of
the
company.
We
cauCon
you
that
such
statements
reflect
our
current
expectaCons
and
esCmates
based
on
factors
currently
known
to
us
and
that
actual
events
or
results
could
differ
materially.
For
important
factors
that
may
cause
actual
results
to
differ
from
those
contained
in
our
forward-­‐looking
statements,
please
review
our
filings
with
the
SEC.
The
forward-­‐looking
statements
made
in
the
this
presentaCon
are
being
made
as
of
the
Cme
and
date
of
its
live
presentaCon.
If
reviewed
aPer
its
live
presentaCon,
this
presentaCon
may
not
contain
current
or
accurate
informaCon.
We
do
not
assume
any
obligaCon
to
update
any
forward-­‐looking
statements
we
may
make.
In
addiCon,
any
informaCon
about
our
roadmap
outlines
our
general
product
direcCon
and
is
subject
to
change
at
any
Cme
without
noCce.
It
is
for
informaConal
purposes
only,
and
shall
not
be
incorporated
into
any
contract
or
other
commitment.
Splunk
undertakes
no
obligaCon
either
to
develop
the
features
or
funcConality
described
or
to
include
any
such
feature
or
funcConality
in
a
future
release.

3. Who
I
am
3
! Sales
Engineer
in
Germany
! Splunker
nearly
2
years
! Like
to
get
hands
on
real
world
scenarios
! CISSP
! Worked
in
the
past
for
McAfee
(Security)
and
Tibco
(AnalyCcs)

4. Self
AnalyCcs
/
TransacCon
Profiler
Dashboard
• Goals:
– Self
exploraCon
of
data
– Gaining
Ideas
from
other
departmental
users
for
new
use
cases
and
business
insight
ê “Do
we
have
this
informaCon
available?”
ê “Can
we
add
this?”
ê “Can
we
correlate
with
this?”
– How
to
get
to
this
stage?
4

5. Adding
Value
5
I
loaded
1.000.000
Records.
Start
to
add
value
for
other
departments

6. You
might
want
to
provide
an
impressive
starCng
point
for
other
people
to
explore
the
Data
(Next
to
the
RAW
Searches
and
DATA
Models)
Challenge
for
Machine
Data
in
Business
Context
! Not
every
user
who
can
benefit
might
have
SPLK
Language
skills
! Not
every
user
is
creaCve
with
data
in
the
first
step
! YOU
as
a
Splunk
Data
Analyst
might
not
be
able
to
interpret
business
data
for
Business
Insights
6

7. DemonstraCon
7
Demo
(That
is
what
you
learn
how
to
create/get
this
aPer
my
session):
Profiling
Dashboard

8. TransacCon
Profiler
With
IP
Traffic
8

9. Start
With
One
Single
“TransacCon”
1. Search
and
InvesCgate
a
TransacCon
Field
‒ Filter
down
to
one
session
9
Sample
“transac7on”
fields
Username
+
Session
InformaCon
TransacCon
ID
Order-­‐ID
E-­‐Mail
Address
Service
Name
IP-­‐Address/Hostname/System
name

10. Interview
2. Go
to
a
object
ma:er
expert
and
let
them
explain
what
happened
in
this
session
10

11. DemonstraCon
11
Demo
(raw
search,
explain
data-­‐set)

12. TransacCon
Profiler
With
IP
Traffic
12

13. Create
Dashboards
3. Create
consistent
dashboards
by
using
some
of
the
following
methods
13
Search
Descrip7on
…
|
Cmechart
count
Easiest
one
ever
…
|
stats
dc(<fieldname>)
by
<fieldname>
DisCnct
count
gives
a
lot
of
interesCng
insights:
• Why
is
this
user
logging
on
from
so
many
different
systems
• Why
has
this
transacCon
id
so
many
different
status
codes
• Why
is
this
IP
communicaCng
to
so
many
desCnaCon
ports
…
|
transacCon
<fieldname>
|
table
duraCon
As
single
value
How
long
did
it
take?
…
|
head
1
|
table
_Cme
…
|
tail
1
|
table
_Cme
• When
was
the
first
“session”,
• When
was
the
last
“interacCon
with
the
system”

14. DemonstraCon
14
Demo
(dashboard
with
some
single
values
+
stats
+
Cme
charts
based
on
ONE
TransacCon)

15. My
IP
Profiler
15

16. Create
Drop
Down
Lists
4. Create
drop
down
lists
and
input
fields
to
make
the
dashboard
interacCve
‒ Thanks
to
Version
6.1
it
can
be
done
via
the
Gui
without
coding
‒ Review
the
dashboard
example
app
for
addiConal
visualizaCon
tricks
5. Tokenize
the
searches
to
make
them
flexible
16

17. DemonstraCon
17
Demo
(add
free
text
field,
pickers
(dynamic),
token
fields
+
replace
single
transacCon
id
with
token)

18. My
IP
Profiler
18

19. Example
19

20. We
are
not
done
6. Make
sure
you
add
default
values
for
each
of
the
drop
down
fields.
So
in
case
someone
wants
to
see
something,
you
guide
him
to
the
right
choice
to
get
a
dashboard
populated.
20

21. DemonstraCon
21
Demo
(add
default
values
and
show
first
user
experience
accessing
the
dashboard)

22. 22

23. 23

24. 24
TransacCon
Profiler
Use
Cases
for…
! Helpdesk
! Support
Desk
! Second
+
Third
Level
Support
! Developers
of
In
House
ApplicaCons
! Service
Level
Manager
! MarkeCng
Departments
! IT-­‐Security
/
SIEM
Use
Cases
! Business
Fraud
DetecCon
Search
and
InvesCgate
a
Single
TransacCon
Review
transacCon
with
a
subject
ma:er
expert
from
the
business
Create
a
Dashboard
for
a
single
transacCon
Create
drop
downs
for
exploraCon
Tokenize
the
searches
Set
default
values
Gain
new
ideas
and
business
insight
from
Machine
Data
• Give
this
in
the
hand’s
of
Business
People
for
• gather
Feedback
and
tune

25. Special
Offer:
Try
Splunk
MINT
Express
for
Free!
Splunk
MINT
offers
a
fast
path
to
mobile
intelligence.
How
fast?
Find
out
with
a
6-­‐month
trial*
• Register
for
your
free
trial:
h:p://mint.splunk.com/conf2014offer
• Download
the
Splunk
MINT
SDKs
• Add
the
Splunk
MINT
line
of
SDK
code
and
publish**
• Start
gexng
digital
intelligence
at
your
fingerCps!
*Offer
valid
for
.conf2014
a5endees
and
coworkers
of
a5endees
only.
**Trial
allows
monitoring
of
up
to
750,000
monthly
acDve
users
(MAUs).
25

26. THANK
YOU
Contact:
ma:hias@splunk.com