2. Disclaimer
During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
3. Agenda
Intro
Splunk App for Stream Overview
Splunk for Mobile Intelligence
Demo
4. Ad-hoc Analysis On Wire Data Is Challenging
Volume, velocity and variety make it difficult to collect, explore, analyze and visualize wire data
Distributed datacenters introduce challenges in accessing wire data from public and hybrid clouds
Complex network environments make installation and management of probes and appliances laborious
5. See Everything with Splunk App for Stream
Enables real-time insights into private, public and hybrid cloud infrastructures
Delivers rapid deployment, easy scale out and efficient wire data capture
Capture and analyze critical events not found in logs or with other collection methods.
Enhance Operational Intelligence With Wire Data Capture
6. Example: What Is Available From The Wire
Performance Metrics: Round Trip Time, Client Request Time, Server Reply Time, Server Send Time, Total Time Taken, Base HTML Load Time, Page Content Load Time, Total Page Load Time
Application Data: POST Content, AJAX Data, Section, Sub-Section, Page Title, Session Cookie, Proxied IP Address, Error Message
Business Data: Product ID, Customer ID, Shopping Cart ID, Cart Items, Cart Values, Discounts, Order ID, Abandoned?
7. Enable New Operational Insights
Enhanced Operational Intelligence
• Add information about application, infrastructure, security and business activity, without needing instrumentation
• Support new and extend existing Splunk use cases across IT, security and the business with wire data capture
Efficient, Cloud-Ready Wire Data Collection
• Gain visibility into any public, private or hybrid cloud infrastructures with a software solution
• Control data collection volumes with fine-grained protocol and attribute filtering
Fast Time to Value
• Deploy quickly from interface-driven install
• Enable rapid incident response
• Easily scale out with centralized management
8. Better Insights for IT Operations
• Get real-time granular insights to reduce MTTR without costly appliances
• Analyze all applications and user behavior, measure application response times and trace transaction paths
• Identify infrastructure performance issues, capacity constraints, changes and establish baselines
Value
Contextual Data: Application logs, infrastructure (storage, network, server) logs, performance metrics, events
+
Wire Data: SQL queries, DNS records, IP conversations, transaction traces, ICA latency, response times
9. Better Insights for Security
• Real-time DPI of wire data backed with analytics enables easier forensics analyses and quicker incident response
• Analyze all user and applications behavior and respond timely to threats with cost efficient real-time header and payload field extraction
• Baseline network traffic and understand anomalies associated with advanced and insider threats
• Quick software install at end points, network infrastructures and cloud without expensive appliances
Value
Contextual Data: Firewall logs, application logs, IDS logs, network logs, perf. metrics, events
+
Wire Data: User and application traffic, protocol identification (TCP, DNS, HTTP, etc.), protocol headers & payload extraction, SSL decryption
10. Custom Content Extraction Enables Efficient Real-Time Insights
Improved Security Posture
• Easily and selectively analyze web traffic for security risks
• Identify data exfiltration, including PII or exposed assets
• Prevent data loss, perform forensics and reduce troubleshooting time
Efficient Real-Time Business Analyses
• Real-time granular insights into key business indicators from web traffic
• Selective on-the-fly visibility into shopping carts, user interactions, etc.
Efficient IT Ops and Applications Visibility
• Monitor web services performance on-the-fly for quick troubleshooting and performance analysis
• Enable real-time custom protocol monitoring
11. Applications Visibility for Easy Capacity Planning
AVP of Networks and Communications, Large National Bank
“I enjoyed using the Splunk App for Stream as it's giving us a bunch of different perspectives on our traffic and better granularity compared to some of the other tools we used. Stream is unique because Splunk analytics are tied to a network monitoring tool.”
Key Customer Benefits
• Granular application and network visibility drives easy remediation
• Proactive applications and network traffic monitoring enables better capacity reporting and planning
• Powerful analytical engine enables data analyses by novice users
Deployment
• Quick host-based deployment at critical network segments
  – Ability to observe both client and server traffic
12. Stream at CanDeal: Breaking the Silos
Kris Laxdal, IT Manager & Security Analyst
“Stream allows our IT Ops, security and developers teams to get relevant data quickly.”
“You cannot show up with traditional packet captures tool in the boardroom. Stream and Splunk help us understand issues at the high level and if exec team wants to see the details we can drill down easily. That is what's great about Stream!”
Key Customer Benefits
IT Operations
• High level view with contextual drill-down ability
• Easy access and visibility into production MySQL environment helps application developers troubleshoot issues and roll out releases quicker
• Improved collaboration between teams: IT Operations, QA (pre-production testing), security and development
• Improved customer response times due to real-time visibility into application issues
Security
• Correlation against indicators of compromise helps investigate and mitigate Advanced Persistent Threats (APTs), potential data exfiltration & other risks
13. Real-time Business Insights for Canadian Service Provider
Technical Analyst, Canadian Telco (Crown Corporation)
“Splunk helps us provide real-time business insights for our Marketing team”
“During the first day of using Stream and visibility into Diameter we (support team) identified infrastructure capacity issue before our IT Operations team.”
“Everyone in our industry should be deploying Splunk & Stream. The value we get from it is tremendous.”
Key Customer Benefits
• Visibility into customer behaviour results in efficient marketing campaigns and better business decisions
  – Identified “grey market” phones in our network
  – Analytics driven ads and understand user behaviour at big sporting events
• Visibility into mobile backhaul infrastructure helps us resolve operational issues quicker
• Better collaboration between teams: Network support team, IT Operations & Marketing
14. Wire Data Intelligence Improves Security
One platform: Value for IT and Security
Security Analyst, Payment Processing Company
“The thing that makes the Stream app better than any other packet analysis solution out there is the statistical analysis from Splunk Enterprise. You can apply it freely to all of the wire data, which enables me to analyze this data in ways not possible before. This visibility helps us prevent external infiltration and avoid malicious attacks.”
Key Customer Benefits
• Real-time security intelligence to prevent attacks and infiltrations
• Baselining, trending and applying analytics to detect anomalies in traffic (mySQL, postgres, etc.)
• Centralized management of all wire data results in operational cost savings
• Efficient monitoring of user authentications for audit and security
• Non-intrusive and easy monitoring of server communication
• Flexible and easy integration with existing Splunk security dashboards
15. Wire Data Speeds Up Forensics
Security Engineer, Financial Services Institution
“The biggest value of Stream is how fast can we resolve and close security cases. Before Stream, I had to collect data from multiple systems and it would take me an hour. With Stream, information is already there and I can get answers within 5 minutes. It is much easier to get data now.”
Key Customer Benefits
• 90% reduction in incident triage and investigation time
• Deeper, quicker and easier understanding of traffic and user activity for forensic purposes
• Immediate insights and improved data collection:
  – Elimination of moving pcap files around between several tools
Deployment
• Flexible and easy deployment on key network locations
16. Supported Protocols and Platforms
• UDP
• TCP
• HTTP
• IMAP
• MySQL (login/cmd/query)
• Oracle (TNS)
• PostgreSQL
• Sybase/SQL Server (TDS)
• FTP
• SMB
• NFS
• POP3
• SMTP
• LDAP/AD
• SIP
• XMPP
• AMQP
• MAPI
• IRC
• DNS
• DHCP
• RADIUS
• Diameter
• BitTorrent
• SMPP
Supports Windows 7 (64-bit), Windows 2008 R2 (64 bit), Linux (32-bit/64-bit) and Mac OSX (64-bit)
Improved performance requiring less compute/memory power!
17. Stream Forwarder Architecture
[Diagram labels: Network Interface (eth1) … Network Interface (ethN); Packets; Streams; Request/Response; Threads; Decryption; Protocol Decoder (Deep Packet Inspection); Events; Standard Out (To Splunk Forwarder)]
18. Architecture: Dedicated Server
[Diagram labels: End Users; Internet; Firewall; TAP or SPAN; Servers; Linux Forwarder; Splunk_TA_Stream; Splunk Indexers; Search head]
19. Architecture: Run on Servers
[Diagram labels: End Users; Internet; Firewall; Physical or Virtual Servers; Universal Forwarder; Splunk_TA_stream; Splunk Indexers; Search head; Physical Datacenter, Public or Private Cloud]
21. The Challenges of Delivering Mobile Apps
Rapid App Dev Cycles, Break-Fix Needs
• New OS versions break apps
• Network issues are difficult to find and simulate
• Limited time to make changes and fixes
Infrastructure Analytics
• Plan for growth
• Solve infrastructure, API and app issues
• Feature usage
• Monitor/analyze user behavior
• Deliver omni-channel analytics
• Mobile+web+desktop
Form Factor, Platform, Interaction Style Variety
• OS and device-centric development
• Need to correlate devices, versions
22. Mobile App Delivery: Different Challenges for Different Roles
MOBILE APP DEVELOPERS
• How do I find the root cause of app crashes/poor performance?
• What were users doing when the issue happened?
• How do I get more insight into transaction paths?
APP MANAGERS/OPERATIONS
• Is the problem with the app, the network or the backend system?
• Do I have the right capacity in place to handle transaction volume?
• How does performance compare mobile vs. web vs. desktop?
PRODUCT MANAGERS/BUSINESS OWNERS
• How are customers using my app?
• Which features should I prioritize for future versions?
• How does customer behavior compare across channels?
23. Enhance Operational Intelligence Using Mobile Data
Deliver Better Performing, More Reliable Apps
Deliver Real-Time Analytics
Achieve End-to-End Visibility
24. How Splunk MINT Works
• Embed Splunk MINT SDKs in your mobile app
• Activate with one line of code
• Your app’s operational data is securely transmitted to the Splunk MINT Data Collector
• Analyze your mobile operational data using the Splunk MINT App
• Correlate the data with other sources using Splunk Enterprise
[Diagram labels: Mobile App Operations Data; Splunk MINT Data Collector; Real-time Mobile Operational Analytics]
25. Deliver Better Performing, More Reliable Apps
Real-time monitoring of crashes and performance
• Improve user retention by quickly identifying crashes and performance issues
• Immediate insight on transaction performance and causes of transaction failures
• Identify network performance issues and assess how they impact your app
26. Achieve End-to-End Visibility
Use correlations to get comprehensive insights
• Correlate Splunk MINT data with other Operational Intelligence for end-to-end transaction analysis
• Use Splunk Enterprise search capabilities to correlate and drill down into your mobile and non-mobile data
27. Deliver Real-Time Analytics
Get granular insights into your app and its users
• Network performance: Create dashboards that compare network performance by carrier (Wi-Fi, LTE networks, etc.)
• Geolocation: Gain insight on usage and performance by where users are located
• Search and Pivot: Utilize search and analytics capabilities to explore your mobile data
28. Getting Started With Splunk MINT
Mobile Developers
• Sign up on mint.splunk.com
• Download SDKs and create mobile projects
• Re-deploy Splunk MINT enabled apps
• Check Splunk MINT Management console
Splunk Admin
• Download Splunk Enterprise
• Download the Splunk MINT App
• Run Wizard to connect to the Splunk MINT Data Collector
• Get dashboards and search, correlate
29. MINT Benefits Developers and the Business
MOBILE APP DEVELOPERS
• Immediate quality insights
• User, usage, transaction, network visibility
• Fast time-to-value with lightweight SDK
APP MANAGERS/OPERATIONS
• Find bottlenecks across app, network, backend, APIs
• Right size capacity for transaction volumes
• Ensure performance across all channels
PRODUCT MANAGERS/BUSINESS OWNERS
• User behavior, user experience insights
• Faster, more valuable improvements
• Omni-channel analytics
31. Three Takeaways
Splunk App for Stream helps you see everything!
Splunk MINT helps you deliver more reliable and better performing mobile apps!
Use Splunk software for an end-to-end view of your critical applications!
32. The 6th Annual Splunk Worldwide Users’ Conference
• September 21-24, 2015
• The MGM Grand Hotel, Las Vegas
• 4000 IT & Business Professionals
• 2 Keynote Sessions
• 3 days of technical content
  – 165 sessions
• 3 days of Splunk University
  – Sept 19-21, 2015
  – Get Splunk Certified for FREE!
  – Get CPE credits for CISSP, CAP, SSCP, etc.
  – Save thousands on Splunk education!
• 80 Customer Speakers
• 80 Splunk Speakers
• 35 Apps in Splunk Apps Showcase
• 65 Technology Partners
• Ask The Experts and Security Experts, Birds of a Feather, Chalk Talks and a new & improved Partner Pavilion!
• Register at conf.splunk.com