Choose language:
Pratite nas:
back

Fresh from Splunk .conf19

28.10.2019

A new strategy, new products, new improvements, new everything – in short, there was something for everybody

For the last 10 years Splunk organizes .conf, a conference that started with around 350 visitors. This year, in Last Vegas, they entertained more than 11.000 people, held over 200 presentations, unveiled new and improved products and services that span across almost all imaginable industries...
Infigo IS, as one of Splunk’s VIP partners, for the sixth-year running was at .conf, and we have to say, you can see the growth every year without fail.
 
There was everything, but before any showings, Splunk introduced their new strategy, Data-to-Everything (D2E). Didn’t we use data to such extent? Yes. But people at Splunk think it could be done even better. If everything stopped there, we could have easily all put that under marketing and carry on, but luckily, Splunk showed what they’ve meant.
They introduced Splunk Enterprise 8.0, now with extra optimizations to take advantage of current infrastructure without the need to invest in more hardware. There are new tools for cloud deployment, and a thing that will bring joy to many, better view of visualization analytics. For the people behind the scene, admins, there are a lot of things to look forward to, but probably one of the best one is Enterprise Access Control that enables to have many user roles use just one index. With any filed combinations every user can see exactly the data it has rights to see. Also, there is a query oversight that enables administrators to automatically downgrade big searches to lower priorities (so it won’t hog resources), or simply to kill certain queries that are too wide.
 
This last thing gives new perspective when you hear about Data Fabric Search; DFS enables searching across multiple Splunk instance at unprecedented scale, but also beyond Splunk index. Now you can search through Amazon S3 Data Lake, and Hadoop Distributed File Store – it can gather more than 10 billion events in a single search!
 
On the other side of the equation, Splunk introduced Data Stream Processor – it focuses on the data before it hits the index. DSP gives an instant access and insights in motion so the data can be transformed and analyzed, go through different machine learning models, so it can enter the system already enriched. With the help of so-called visual canvas users can make pipelines and then fill the nodes with code. Especially interesting is the way how through DPS the data can go from one source to multiple points/departments with different sets of enrichment in the process.
 
Splunk User Behavior Analytics (UBA) now has a model builder so people who aren’t data scientists can get a machine learning model without much sweat; through point and click interface it is enough to pick a problem, get suggested model, and that’s about it.
 
With all that, the nice thing is you can combine what you have so, for example, with Splunk Business Flow, the new premium solution, you can have interactive discovery and building of business processes, but if you combine it with DSP and UBA, you can almost immediately start searching for solutions for your business woes.
 

The power of visualization

 
Splunk has always handled visualization well, and now it went even further. Splunk Mobile app is for some time available on iOS, and now it got Phantom, ITSI, and VictorOps integration. Owners of Android based devices during the .conf19 finally got their version of the app.
People using Apple TV have the possibility of using Splunk TV app that brings Splunk dashboards on Apple’s device, and it has two great features – you can still watch the TV while dashboards are on screen, and you can use NLP (Natural Language Processing) to tell your TV in plain English, what you want it to do.
 
Splunk AR uses augmented reality to fill the real world through screen on iOS device with dashboards and predefined actions. It basically means that you can, for example, in an industrial environment point a camera at a piece of machinery marked with QR code or NFC chip, get a screen full of dashboards floating over beforementioned machinery filled with real-time data, check if everything is as it should be, and if it isn’t, click a predefined action or report a ticked right from Splunk AR. Or you could just tell the phone to do that since it also supports NLP.
 
Splunk VR is currently in beta testing, and as you have already guessed it, it is Splunk in virtual reality setting where with VR headset we have access to unlimited filed for dashboard and analytics. You are maybe wondering, why, but once you see how many dashboards you can fit, plus when you see how dashboards are interactive, and you can just drop one onto the other to instantly get new correlations, switch the graph into 3D and rotate it along the axis, well, it opens a whole new world before your eyes.
 

Data for all

 
And while 92 out of 100 top Fortune 100 companies use Splunk, there are lot of others that would benefit from this platform, but it is out of their reach. So, Splunk introduced Splunk Ventures that will invest 100 million dollars through Innovation Fund, and 50 million through Social Impact Fund to help the organizations who use power of data to change the world.
 
Splunk .conf19 had a dose of nonstandard in its mist; Ed Veal, Canadian golden cyclist, tried to break the Guinness Record for the most virtual miles crossed while on a stationary bike. He had to pedal for 24 hours, and cross more than 1.000 kilometers. Not only he did it, but he crushed that number – he did more than 1.530 kilometers! Of course, everything was measured and presented in real-time with Splunk dashboards.
 
Even more interesting was an acting megastar Matthew McConaughey who on the third day talked about his movies, but also on the way we use data, and the dangers of not thinking ahead. Some things can’t be fixed in post...
 
So, the .conf19 was interesting in every way, and we are looking forward to the next .conf20 that will be also held in Last Vegas this time next year.