SlideShare a Scribd company logo

Best Practices for a CoE

Splunk
Splunk

You and your colleagues are all doing great things with Splunk. But you seldom come together to share ideas, apps and best practices. This session will help you take Splunk to the next level by helping you establish a Splunk Center of Excellence (CoE) at your organization. The purpose of a COE is simple - to provide Splunk users an informal venue in which they can discuss ideas, diagnose challenges, share innovations and network with peers. This session will share the best practices you need to create and maintain a successful CoE practice.

Technology
1 of 38
Copyright © 2015 Splunk Inc. Best Practices for a Center of Excellence (COE) SplunkLive DC 2016 Clint Locker, Sr. PS Manager Midatlantic and Southeast
2 About Me Clint Locker – clocker@splunk.com Sr. PS Manager for Midatlantic and Southeast Regions Started with Splunk 4 years ago, delivered Professional Services for 2 years (may have deployed your environment, sorry in advance ) Managed over 400+ Splunk successful deployments Based in Arlington VA, lived in the area for close to 15 years, wife and I have a 8 month old boy William 2
3 Agenda • Evolution of Splunk Deployments • Components of a Splunk COE • Communication Framework • Training Recommendations • COE Assessment
4 Splunk Deployments Evolve Over TimeSplunk Deployments Evolve Over Time 4 Expansion Download Workgroup Enterprise Deployment • Enterprise standard • Large number of users • Many different use cases • Many different users • MultipleSplunk deployments • More sites • More geographies • More data sources More data volume InitialUser • Specific use case • Specific users
5 Turning Machine Data Into Operational Intelligence Search and Investigate Search and Investigate Proactive Monitoring and Alerting Operational Visibility Real-time Business Insight Proactive Reactive
6 What is COE? A Center of Excellence refers to a team, a shared facility or an entity that provides leadership, evangelization, best practices, research, support and/or training for a focus area.
7 Splunk Center of Excellence Goals Provide Splunk technical oversight Drive and communicate best practices Facilitate data on-boarding, user on- boarding, run book documentation Provide expertise focused on enablement Deliver support services to Splunk consumers
8 Key Success Factors  Program Management Office  Executive sponsorship  Project planning, communication, and process  Success Criteria Clearly Defined  Business requirements, use cases  Reports, alerts, dashboards  Create Deployment Plan  Architecture  Data/App on-boarding  Resourcing, staffing, training plan  Communications  Regular cadence from technical to executiv teams  Quarterly Business Reviews  Sustainment  Establish Splunk Center of Excellence
11 COE Sample Benefits 11 Challenge Solution Benefit What is on your mind? How can the COE help? Measure, improve, let us know! Lack of general knowledge and internal best practices for Splunk led to increased support calls. 30 minutes devoted to addressing end user needs and education of internal processes. Reduction of Splunk Support interactions by over 25% and faster time to value. A flurry of new dashboards led to decreased performance of system. Focused training sessions and advanced techniques education. Elimination of over 24 redundant panels and better overall system performance. Rapid adoption of Splunk led to a severe backlog to on-board desired data targets. Open discussion on process improvement, standards and requirements for new sources. Increased speed and efficiency of data onboarding process from 2 weeks to 48 hours on average.
12 Components of a Splunk COE Architecture & Infrastructure Operations Supporting Tools Staffing Data On-Boarding User On-Boarding Inform
13 Architecture & Infrastructure  Appropriate hardware sizing for indexing and search load  Physical cores only, hyperthreading does not count  SSD provides significant performance advantage  High performance storage  IOPS are critical  In distributed environments, dedicated IOPS are not cumulative  Measure with Bonnie++, SplunkIT, IOPS App  Current Splunk version  Clear upgrade path and process  Proactive capacity planning  Understand unit of scale for hardware  Map growth curve for data and users
Best Practice – Service Levels Characteristics Staging Class C Class B Class A Infrastructure Shared Shared Federated Dedicated Use Case Value Low (testing) Low (discovery) Medium (visible, supporting tools) High (revenue/service impacting) Retention Short (2-4 weeks) Short (1-3 months) Medium (3-6 months) Long (6-12 months) Security/Access Basic Basic Moderate Strong Chargeback None Simple Mixed Complex SLA None Lowest Moderate High Geography Single Single Multiple Single/Multiple HA/DR None None Partially Resilient Fully Resilient
15 Operations & Supporting Tools  Configuration Management  Common: Puppet/Chef  Splunk: Deployment Server  Change Management  Version control  Service ticketing  Deployment  System Health Monitoring  System capacity and performance  Splunk tools: Unix App, Windows App, VMware App, NetApp App  Splunk Health Monitoring  Splunk on Splunk App  Fire Brigade App  Sanity App
16 Staffing 1 A successful and scalable deployment of Splunk relies on the orchestration of key roles and responsibilities, primarily centered around:  Architecture  Administration  User adoption (Power User)  Application development
17 Splunk Architect Role 1 Responsibility • Accountable for the design of the Splunk architecture • Fully understands concepts and best practices for sizing, scaling, and deploying Splunk across your organization so that performance meets current and future needs • Works with power users to determine which data sources should be indexed to meet each department’s needs Recommendation • 1 to 2 Splunk Architects • Part time for < 500GB; 1 Full time for 500GB to 1TB; 2 for >1TB • Note: if deploying Splunk Cloud, assume only 25% of above resources are required
18 Splunk Admin Role 1 Responsibility • Maintains the Splunk software and it’s infrastructure for optimal performance • Adds data sources to the Splunk platform according to Power User needs • Assist power users with the development of advanced dashboards, alerting and reporting Recommendation • 1 to 2 Splunk Admins depending on size of implementation • Part time for < 500GB; 1 Full time for 500GB to 1TB; 2+ for >1TB • Note: if deploying Splunk Cloud, assume only 25% of above resources are required
19 Splunk Power User Role 1 Responsibility • Works with their group to identify opportunities where Splunk can provide value • Collaborates with the Splunk admin(s) to add new data sources to address their requirements • Provides basic support for new and existing reports and dashboards to their group from investigative keyword searches to creating rich reports and visualizations to becoming a Splunk search ninja! Recommendation • 1 part-time power user per user group
20 Splunk Developer Role 2 Responsibility • Splunk developers are only required if applications are developed on top of the Splunk platform • Create rich, interactive dashboards and forms, and package Splunk knowledge objects for distribution across your organization
21 Basic Communication Framework 2 Architect Admin Works with power users to determine which data sources should be indexed to meet each department’s needs Scales the Splunk architecture to meet business demand Power Users Department Users Adds data sources to the Splunk platform according to business needs Assist power users with the development of advanced dashboards, alerting and reporting Maintains the Splunk SW and it’s infrastructure for optimal performance 1 Power user per department Provides basic support for new and existing reports and dashboards Works with their group to identify opportunities where Splunk can provide value
22 Splunk Classes 2 Splunk Roles Using Splunk Splunk Administration Searching and Reporting Creating Knowledge Objects Advanced Searching & Reporting Developing Apps with Splunk Developing with Splunk SDKs Architect Required Required Optional Optional Optional Optional Optional Admin Required Required Optional Optional Power User Required Required Required Optional Developer Required Optional Required Required Optional Required Optional for Splunk on-premises
23 Splunk Classes 2 Splunk Roles Using Splunk Splunk Administration Searching and Reporting Creating Knowledge Objects Advanced Searching & Reporting Developing Apps with Splunk Developing with Splunk SDKs Architect Required Optional Optional Optional Optional Optional Admin Required Optional Optional Power User Required Required Required Optional Developer Required Required Required Optional Required Optional for Splunk Cloud
24 Data On-Boarding  Define on-boarding process for new data sources / apps  Repeatable, documented process  Provide customer interview forum or survey  Integrate with service workflow New Data Source Request  Provide a data sample  Describe the data’s structure  timestamp | timezone  single-/multi-line  sourcetype  interesting fields  Describe initial uses for the data  searches | alerts | reports | dashboards  How to collect the data?  UF | syslog | API  How long to retain the data?  Who should have access?  Apply Common information Model  Are there TA’s available?  Validate
25 User On-Boarding  Orientation for new users  Develop training program  Splunk instructor-led online/onsite courses  Get started with Splunk videos  Advancement for experienced users  Continuing education  Splunk workshops  Office Hours  Where to get help?  How to contact <Company> Splunk team  Internal/external email lists, chat group  Splunk Answers
26 Inform  Track Value and ROI  Document Use Cases  Expert Showcases  Internal knowledge sharing  Develop power users  Tip of the Week/Month  Contests  Search competition  Use case drive  Regular Newsletter Splunk Accelerates Troubleshooting An expressive troubleshooting dashboard shines a bright light on any part of the infrastructure exceeding reasonable performance thresholds. Less Screwing Up, More Drilling Down Application and site performance is often dependent on system performance. Splunk’s monitoring probes through layers to collect high resolution CPU statistics.
27 Example Meetings  User Group  Splunk in Action  Ask Splunk  Open Office Hours  Splunk Administrators Group  Architecture and Administration topics  Splunk Developers Group  App, UI and API topics  Splunk Lunch & Learn  Education topics  Splunk Support Session  Support case review  Quarterly Business Reviews  Vendor Management Office
28 COE Success – Be Visible & Valuable • Create a Knowledge Management Portal for Splunk resource – Publish company specific policies & procedures – Publish Naming Standards – Publish Data Onboarding guidelines – Link to Splunk.com resources • Aggregate Training Needs from Line of Businesses • Conduct regular meetings for Line of Business Users – General User Group for Best Practice Sharing – Specialized meetings for Administrators, Developers, etc. – Lunch & Learn Sessions for informal training 2
29 Use Case Documentation (Examples) Splunk Monitors Proactively for Threat Patterns Alongside historical trending and analysis for monthly and incident reports, Splunk alerts the Fraud Detection team to similar patterns emerging across systems or locales in real time. Email alerts also promote standardization in capturing and exposing critical information. Splunk Secures Access for Independent Forensics Role-based controls provide shielded views into data. Incident investigations no longer require highly paid security professionals for pattern tracking and reporting. Empowering customer service or individual financial institutions to research independently and securely reduced incident response time from hours to minutes. Splunk Detects $5M in Attempted Fraud Correlation by transaction, time and geography identifies all elements in the infrastructure exposed to nefarious activity originating internally or externally. In one incident, Splunk’s transaction tracing and geoip mapping abilities identified 15 banks located in the same region exhibiting a similar fraud pattern. The activity was tracked to a single shared data processing vendor which had been compromised.
30 Partner with Splunk Teams  Account Team  Account Manager  Sales Engineer (SE)  Specialists (Security, IT SI, etc.)  Support Team  Designated Support Engineer (DSE)  Customer Success Manager (CSM)  Education  Standard curriculum (online/onsite)  Boot camps  Customized curriculum  Professional Services Team  Project-based (e.g. Deployment, Health Checks, Upgrades, App Development)  Technical Advisory Services (TAS)  Center of Excellence Advisory Services  Customer Advisory & Success Teams (CAST)  Dedicated Splunk Advisory Engineers  Faster time to value and adoption
31  Splunk User Groups  Community driven  Bootstrapped by Splunk  Locally every 2-3 months  SplunkLive!  Worldwide customer events  Technical workshops for beginner and advanced users  Local events held yearly  Annual Worldwide Users Conference  September 26-29, 2016 in Orlando FL, Disney World  3+ days, 130+ sessions, 4000+ enthusiasts  Splunk Answers Desk, SplunkBase Lab, Chalk Talks, Search Party, Hackathon Get Social with Splunk Events 3 www.splunk.com > Events
SEPT 26-29, 2016 WALT DISNEY WORLD, ORLANDO SWAN AND DOLPHIN RESORTS • 5000+ IT & Business Professionals • 3 days of technical content • 165+ sessions • 80+ Customer Speakers • 35+ Apps in Splunk Apps Showcase • 75+ Technology Partners • 1:1 networking: Ask The Experts and Security Experts, Birds of a Feather and Chalk Talks • NEW hands-on labs! • Expanded show floor, Dashboards Control Room & Clinic, and MORE! The 7th Annual Splunk Worldwide Users’ Conference PLUS Splunk University • Three days: Sept 24-26, 2016 • Get Splunk Certified for FREE! • Get CPE credits for CISSP, CAP, SSCP • Save thousands on Splunk education!
Copyright © 2015 Splunk Inc. Next Steps COE Assessment
34 Splunk Architect Training Splunk Architect(s) Using Splunk Splunk Administration Searching and Reporting Creating Knowledge Objects Advanced Searching & Reporting Developing Apps with Splunk Developing with Splunk SDKs • # name • # name = Splunk training completed= Required = Optional = Training required but not completed = Optional training not completed Instructions: List the names and color code the cells as green, red or leave blank, based on legend below
35 Splunk Admin Training Splunk Administrator(s) Using Splunk Splunk Administration Searching and Reporting Creating Knowledge Objects Advanced Searching & Reporting Developing Apps with Splunk Developing with Splunk SDKs • #name • #name • #name = Splunk training completed= Required = Optional = Training required but not completed = Optional training not completed Instructions: List the names and color code the cells as green, red or leave blank, based on legend below
36 Splunk Power User Training Splunk Power User(s) Using Splunk Splunk Administration Searching and Reporting Creating Knowledge Objects Advanced Searching & Reporting Developing Apps with Splunk Developing with Splunk SDKs Server Team • # name Network Team • # name Middleware Team • # name DBA Team • # name App Support Team • # name App Development • # name Security Team • # name = Splunk training completed= Required = Optional = Training required but not completed = Optional training not completed Instructions: List the names and color code the cells as green, red or leave blank, based on legend below
37 Splunk Developer Training Splunk Developer(s) Using Splunk Splunk Administration Searching and Reporting Creating Knowledge Objects Advanced Searching & Reporting Developing Apps with Splunk Developing with Splunk SDKs • # name • # name • # name • # name = Splunk training completed= Required = Optional = Training required but not completed = Optional training not completed Instructions: This slide is optional and only applies IF there are plans to develop applications on top of Splunk. List the names and color code the cells as green, red or leave blank, based on legend below
38 Your Splunk COE Splunk Architect Doug Splunk Administrator Kevin Splunk Developer Suzie UX Admins Power User Bob Network Power User Mark DBA Power User Dave ecommerce Power User Tony example = Fully Trained = Partially Trained = Not assigned Splunk Developer Todd Instructions: add / remove boxes as needed. Include existing and future user groups. Color code each box based on legend below
39 Splunk COE Recommendations Roles Assignments • A • B • C Required Training • A • B • C architect admin developer power user Instructions: add recommendations to address role gaps with current and future user groups. 1 person may carry more than 1 role, however Power Users are usually different from team to team. Instructions: add recommendations to address training gaps for current and future user groups.
Thank You

Recommended

Enterprise Architecture Management (EAM) I Best Practices I NuggetHub
Enterprise Architecture Management (EAM) I Best Practices I NuggetHubEnterprise Architecture Management (EAM) I Best Practices I NuggetHub
Enterprise Architecture Management (EAM) I Best Practices I NuggetHubRichardNowack
 
Enterprise Architecture, Project Management & Digital Transformation
Enterprise Architecture, Project Management & Digital TransformationEnterprise Architecture, Project Management & Digital Transformation
Enterprise Architecture, Project Management & Digital TransformationRiaz A. Khan, OpenCA, TOGAF
 
Define an EA Operating Model
Define an EA Operating ModelDefine an EA Operating Model
Define an EA Operating ModelInfo-Tech Research Group
 
Power Platform Governance
Power Platform GovernancePower Platform Governance
Power Platform GovernanceDaniel Laskewitz
 
IMPLEMENTATION BEST PRACTICES Sep 22.pdf
IMPLEMENTATION BEST PRACTICES Sep 22.pdfIMPLEMENTATION BEST PRACTICES Sep 22.pdf
IMPLEMENTATION BEST PRACTICES Sep 22.pdfudayabhaskar42
 
IT Demand and Delivery Management
IT Demand and Delivery ManagementIT Demand and Delivery Management
IT Demand and Delivery ManagementDavid Messineo
 
An Introduction into the design of business using business architecture
An Introduction into the design of business using business architectureAn Introduction into the design of business using business architecture
An Introduction into the design of business using business architectureCraig Martin
 
Practical Enterprise Architecture in Medium-size Corporation using TOGAF
Practical Enterprise Architecture in Medium-size Corporation using TOGAFPractical Enterprise Architecture in Medium-size Corporation using TOGAF
Practical Enterprise Architecture in Medium-size Corporation using TOGAFMichael Sukachev
 

Recommended

Enterprise Architecture Management (EAM) I Best Practices I NuggetHub
Enterprise Architecture Management (EAM) I Best Practices I NuggetHubEnterprise Architecture Management (EAM) I Best Practices I NuggetHub
Enterprise Architecture Management (EAM) I Best Practices I NuggetHubRichardNowack
 
Enterprise Architecture, Project Management & Digital Transformation
Enterprise Architecture, Project Management & Digital TransformationEnterprise Architecture, Project Management & Digital Transformation
Enterprise Architecture, Project Management & Digital TransformationRiaz A. Khan, OpenCA, TOGAF
 
Define an EA Operating Model
Define an EA Operating ModelDefine an EA Operating Model
Define an EA Operating ModelInfo-Tech Research Group
 
Power Platform Governance
Power Platform GovernancePower Platform Governance
Power Platform GovernanceDaniel Laskewitz
 
IMPLEMENTATION BEST PRACTICES Sep 22.pdf
IMPLEMENTATION BEST PRACTICES Sep 22.pdfIMPLEMENTATION BEST PRACTICES Sep 22.pdf
IMPLEMENTATION BEST PRACTICES Sep 22.pdfudayabhaskar42
 
IT Demand and Delivery Management
IT Demand and Delivery ManagementIT Demand and Delivery Management
IT Demand and Delivery ManagementDavid Messineo
 
An Introduction into the design of business using business architecture
An Introduction into the design of business using business architectureAn Introduction into the design of business using business architecture
An Introduction into the design of business using business architectureCraig Martin
 
Practical Enterprise Architecture in Medium-size Corporation using TOGAF
Practical Enterprise Architecture in Medium-size Corporation using TOGAFPractical Enterprise Architecture in Medium-size Corporation using TOGAF
Practical Enterprise Architecture in Medium-size Corporation using TOGAFMichael Sukachev
 
Explore Microsoft Power Platform Center of Excellence
Explore Microsoft Power Platform Center of ExcellenceExplore Microsoft Power Platform Center of Excellence
Explore Microsoft Power Platform Center of ExcellenceNanddeep Nachan
 
Enterprise Architecture & Project Portfolio Management 2/2
Enterprise Architecture & Project Portfolio Management 2/2Enterprise Architecture & Project Portfolio Management 2/2
Enterprise Architecture & Project Portfolio Management 2/2Jean Gehring
 
Intelligent automation with Microsoft Power Automate
Intelligent automation with Microsoft Power AutomateIntelligent automation with Microsoft Power Automate
Intelligent automation with Microsoft Power AutomateDaniel Laskewitz
 
ITIL4 and ServiceNow
ITIL4 and ServiceNowITIL4 and ServiceNow
ITIL4 and ServiceNowITSM Academy, Inc.
 
A tailored enterprise architecture maturity model
A tailored enterprise architecture maturity modelA tailored enterprise architecture maturity model
A tailored enterprise architecture maturity modelPaul Sullivan
 
ServiceNow ITSM Overview
ServiceNow ITSM OverviewServiceNow ITSM Overview
ServiceNow ITSM OverviewJade Global
 
How to Articulate the Value of Enterprise Architecture
How to Articulate the Value of Enterprise ArchitectureHow to Articulate the Value of Enterprise Architecture
How to Articulate the Value of Enterprise Architecturecccamericas
 
Center of Excellence Building Blocks
Center of Excellence Building BlocksCenter of Excellence Building Blocks
Center of Excellence Building BlocksArup Dutta
 
ITSM & JIRA Service Desk
ITSM & JIRA Service DeskITSM & JIRA Service Desk
ITSM & JIRA Service DeskAmbientia
 
Enterprise Architecture for Dummies
Enterprise Architecture for DummiesEnterprise Architecture for Dummies
Enterprise Architecture for DummiesSebastien Juras
 
Togaf introduction and core concepts
Togaf introduction and core conceptsTogaf introduction and core concepts
Togaf introduction and core conceptsPaul Sullivan
 
Smart erp solutions oracle cloud services overview - 2021 - 2022
Smart erp solutions oracle cloud services overview - 2021 - 2022Smart erp solutions oracle cloud services overview - 2021 - 2022
Smart erp solutions oracle cloud services overview - 2021 - 2022Smart ERP Solutions, Inc.
 
MuleSoft PKO - C4E and Platform Insights
MuleSoft PKO - C4E and Platform InsightsMuleSoft PKO - C4E and Platform Insights
MuleSoft PKO - C4E and Platform InsightsAngel Alberici
 
Managed Services Overview
Managed Services OverviewManaged Services Overview
Managed Services OverviewSVAM International, Inc.
 
Enterprise Architecture Implementation And The Open Group Architecture Framew...
Enterprise Architecture Implementation And The Open Group Architecture Framew...Enterprise Architecture Implementation And The Open Group Architecture Framew...
Enterprise Architecture Implementation And The Open Group Architecture Framew...Alan McSweeney
 
The First 100 Days for a New CIO - Using the Innovation Value Institute IT Ca...
The First 100 Days for a New CIO - Using the Innovation Value Institute IT Ca...The First 100 Days for a New CIO - Using the Innovation Value Institute IT Ca...
The First 100 Days for a New CIO - Using the Innovation Value Institute IT Ca...Alan McSweeney
 
Understanding the Salesforce Architecture: How We Do the Magic We Do
Understanding the Salesforce Architecture: How We Do the Magic We DoUnderstanding the Salesforce Architecture: How We Do the Magic We Do
Understanding the Salesforce Architecture: How We Do the Magic We DoSalesforce Developers
 
A Summary of TOGAF's Architecture Capability Framework
A Summary of TOGAF's Architecture Capability FrameworkA Summary of TOGAF's Architecture Capability Framework
A Summary of TOGAF's Architecture Capability FrameworkPaul Sullivan
 
Approach To It Strategy And Architecture
Approach To It Strategy And ArchitectureApproach To It Strategy And Architecture
Approach To It Strategy And ArchitectureAlan McSweeney
 
Maximising The Value and Benefits of Enterprise Architecture
Maximising The Value and Benefits of Enterprise ArchitectureMaximising The Value and Benefits of Enterprise Architecture
Maximising The Value and Benefits of Enterprise ArchitectureAlan McSweeney
 
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk ScoringSplunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk ScoringSplunk
 
Splunk .conf2011: Splunk for Fraud and Forensics at Intuit
Splunk .conf2011: Splunk for Fraud and Forensics at IntuitSplunk .conf2011: Splunk for Fraud and Forensics at Intuit
Splunk .conf2011: Splunk for Fraud and Forensics at IntuitErin Sweeney
 

More Related Content

What's hot

Explore Microsoft Power Platform Center of Excellence
Explore Microsoft Power Platform Center of ExcellenceExplore Microsoft Power Platform Center of Excellence
Explore Microsoft Power Platform Center of ExcellenceNanddeep Nachan
 
Enterprise Architecture & Project Portfolio Management 2/2
Enterprise Architecture & Project Portfolio Management 2/2Enterprise Architecture & Project Portfolio Management 2/2
Enterprise Architecture & Project Portfolio Management 2/2Jean Gehring
 
Intelligent automation with Microsoft Power Automate
Intelligent automation with Microsoft Power AutomateIntelligent automation with Microsoft Power Automate
Intelligent automation with Microsoft Power AutomateDaniel Laskewitz
 
A tailored enterprise architecture maturity model
A tailored enterprise architecture maturity modelA tailored enterprise architecture maturity model
A tailored enterprise architecture maturity modelPaul Sullivan
 
ServiceNow ITSM Overview
ServiceNow ITSM OverviewServiceNow ITSM Overview
ServiceNow ITSM OverviewJade Global
 
How to Articulate the Value of Enterprise Architecture
How to Articulate the Value of Enterprise ArchitectureHow to Articulate the Value of Enterprise Architecture
How to Articulate the Value of Enterprise Architecturecccamericas
 
Center of Excellence Building Blocks
Center of Excellence Building BlocksCenter of Excellence Building Blocks
Center of Excellence Building BlocksArup Dutta
 
ITSM & JIRA Service Desk
ITSM & JIRA Service DeskITSM & JIRA Service Desk
ITSM & JIRA Service DeskAmbientia
 
Enterprise Architecture for Dummies
Enterprise Architecture for DummiesEnterprise Architecture for Dummies
Enterprise Architecture for DummiesSebastien Juras
 
Togaf introduction and core concepts
Togaf introduction and core conceptsTogaf introduction and core concepts
Togaf introduction and core conceptsPaul Sullivan
 
Smart erp solutions oracle cloud services overview - 2021 - 2022
Smart erp solutions oracle cloud services overview - 2021 - 2022Smart erp solutions oracle cloud services overview - 2021 - 2022
Smart erp solutions oracle cloud services overview - 2021 - 2022Smart ERP Solutions, Inc.
 
MuleSoft PKO - C4E and Platform Insights
MuleSoft PKO - C4E and Platform InsightsMuleSoft PKO - C4E and Platform Insights
MuleSoft PKO - C4E and Platform InsightsAngel Alberici
 
Enterprise Architecture Implementation And The Open Group Architecture Framew...
Enterprise Architecture Implementation And The Open Group Architecture Framew...Enterprise Architecture Implementation And The Open Group Architecture Framew...
Enterprise Architecture Implementation And The Open Group Architecture Framew...Alan McSweeney
 
The First 100 Days for a New CIO - Using the Innovation Value Institute IT Ca...
The First 100 Days for a New CIO - Using the Innovation Value Institute IT Ca...The First 100 Days for a New CIO - Using the Innovation Value Institute IT Ca...
The First 100 Days for a New CIO - Using the Innovation Value Institute IT Ca...Alan McSweeney
 
Understanding the Salesforce Architecture: How We Do the Magic We Do
Understanding the Salesforce Architecture: How We Do the Magic We DoUnderstanding the Salesforce Architecture: How We Do the Magic We Do
Understanding the Salesforce Architecture: How We Do the Magic We DoSalesforce Developers
 
A Summary of TOGAF's Architecture Capability Framework
A Summary of TOGAF's Architecture Capability FrameworkA Summary of TOGAF's Architecture Capability Framework
A Summary of TOGAF's Architecture Capability FrameworkPaul Sullivan
 
Approach To It Strategy And Architecture
Approach To It Strategy And ArchitectureApproach To It Strategy And Architecture
Approach To It Strategy And ArchitectureAlan McSweeney
 
Maximising The Value and Benefits of Enterprise Architecture
Maximising The Value and Benefits of Enterprise ArchitectureMaximising The Value and Benefits of Enterprise Architecture
Maximising The Value and Benefits of Enterprise ArchitectureAlan McSweeney
 

What's hot (20)

Explore Microsoft Power Platform Center of Excellence
Explore Microsoft Power Platform Center of ExcellenceExplore Microsoft Power Platform Center of Excellence
Explore Microsoft Power Platform Center of Excellence
 
Enterprise Architecture & Project Portfolio Management 2/2
Enterprise Architecture & Project Portfolio Management 2/2Enterprise Architecture & Project Portfolio Management 2/2
Enterprise Architecture & Project Portfolio Management 2/2
 
Intelligent automation with Microsoft Power Automate
Intelligent automation with Microsoft Power AutomateIntelligent automation with Microsoft Power Automate
Intelligent automation with Microsoft Power Automate
 
ITIL4 and ServiceNow
ITIL4 and ServiceNowITIL4 and ServiceNow
ITIL4 and ServiceNow
 
A tailored enterprise architecture maturity model
A tailored enterprise architecture maturity modelA tailored enterprise architecture maturity model
A tailored enterprise architecture maturity model
 
ServiceNow ITSM Overview
ServiceNow ITSM OverviewServiceNow ITSM Overview
ServiceNow ITSM Overview
 
How to Articulate the Value of Enterprise Architecture
How to Articulate the Value of Enterprise ArchitectureHow to Articulate the Value of Enterprise Architecture
How to Articulate the Value of Enterprise Architecture
 
Center of Excellence Building Blocks
Center of Excellence Building BlocksCenter of Excellence Building Blocks
Center of Excellence Building Blocks
 
ITSM & JIRA Service Desk
ITSM & JIRA Service DeskITSM & JIRA Service Desk
ITSM & JIRA Service Desk
 
Enterprise Architecture for Dummies
Enterprise Architecture for DummiesEnterprise Architecture for Dummies
Enterprise Architecture for Dummies
 
Togaf introduction and core concepts
Togaf introduction and core conceptsTogaf introduction and core concepts
Togaf introduction and core concepts
 
Smart erp solutions oracle cloud services overview - 2021 - 2022
Smart erp solutions oracle cloud services overview - 2021 - 2022Smart erp solutions oracle cloud services overview - 2021 - 2022
Smart erp solutions oracle cloud services overview - 2021 - 2022
 
MuleSoft PKO - C4E and Platform Insights
MuleSoft PKO - C4E and Platform InsightsMuleSoft PKO - C4E and Platform Insights
MuleSoft PKO - C4E and Platform Insights
 
Managed Services Overview
Managed Services OverviewManaged Services Overview
Managed Services Overview
 
Enterprise Architecture Implementation And The Open Group Architecture Framew...
Enterprise Architecture Implementation And The Open Group Architecture Framew...Enterprise Architecture Implementation And The Open Group Architecture Framew...
Enterprise Architecture Implementation And The Open Group Architecture Framew...
 
The First 100 Days for a New CIO - Using the Innovation Value Institute IT Ca...
The First 100 Days for a New CIO - Using the Innovation Value Institute IT Ca...The First 100 Days for a New CIO - Using the Innovation Value Institute IT Ca...
The First 100 Days for a New CIO - Using the Innovation Value Institute IT Ca...
 
Understanding the Salesforce Architecture: How We Do the Magic We Do
Understanding the Salesforce Architecture: How We Do the Magic We DoUnderstanding the Salesforce Architecture: How We Do the Magic We Do
Understanding the Salesforce Architecture: How We Do the Magic We Do
 
A Summary of TOGAF's Architecture Capability Framework
A Summary of TOGAF's Architecture Capability FrameworkA Summary of TOGAF's Architecture Capability Framework
A Summary of TOGAF's Architecture Capability Framework
 
Approach To It Strategy And Architecture
Approach To It Strategy And ArchitectureApproach To It Strategy And Architecture
Approach To It Strategy And Architecture
 
Maximising The Value and Benefits of Enterprise Architecture
Maximising The Value and Benefits of Enterprise ArchitectureMaximising The Value and Benefits of Enterprise Architecture
Maximising The Value and Benefits of Enterprise Architecture
 

Viewers also liked

Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk ScoringSplunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk ScoringSplunk
 
Splunk .conf2011: Splunk for Fraud and Forensics at Intuit
Splunk .conf2011: Splunk for Fraud and Forensics at IntuitSplunk .conf2011: Splunk for Fraud and Forensics at Intuit
Splunk .conf2011: Splunk for Fraud and Forensics at IntuitErin Sweeney
 
Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Splunk
 
Business Process Maturity and Centers of Excellence
Business Process Maturity and Centers of ExcellenceBusiness Process Maturity and Centers of Excellence
Business Process Maturity and Centers of ExcellenceSandy Kemsley
 
Building a SAP COE. From Weeding to Marriage
Building a SAP COE. From Weeding to MarriageBuilding a SAP COE. From Weeding to Marriage
Building a SAP COE. From Weeding to MarriageMiguel Mejia
 
Building Big Data Analytics Center Of Excellence
Building Big Data Analytics Center Of Excellence Building Big Data Analytics Center Of Excellence
Building Big Data Analytics Center Of Excellence Dr. Mohan K. Bavirisetty
 
Taking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionTaking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionSplunk
 
Centre of Excellence Implementation
Centre of Excellence ImplementationCentre of Excellence Implementation
Centre of Excellence Implementationjacklinl
 
BPM Center of Excellence
BPM Center of ExcellenceBPM Center of Excellence
BPM Center of ExcellenceSandy Kemsley
 
Advanced Splunk Administration
Advanced Splunk AdministrationAdvanced Splunk Administration
Advanced Splunk AdministrationGreg Hanchin
 
Taking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerTaking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerSplunk
 
Infusing EPM in people and process
Infusing EPM in people and processInfusing EPM in people and process
Infusing EPM in people and processRavi Tirumalai
 
SplunkLive! Splunk for Insider Threats and Fraud Detection
SplunkLive! Splunk for Insider Threats and Fraud DetectionSplunkLive! Splunk for Insider Threats and Fraud Detection
SplunkLive! Splunk for Insider Threats and Fraud DetectionSplunk
 
Malaysia: The Global Data Centre of Excellence
Malaysia: The Global Data Centre of ExcellenceMalaysia: The Global Data Centre of Excellence
Malaysia: The Global Data Centre of ExcellenceRob Cayzer
 
Taking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionTaking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionSplunk
 
Taking Splunk to the Next Level - Technical
Taking Splunk to the Next Level - TechnicalTaking Splunk to the Next Level - Technical
Taking Splunk to the Next Level - TechnicalSplunk
 

Viewers also liked (20)

Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk ScoringSplunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
 
Splunk .conf2011: Splunk for Fraud and Forensics at Intuit
Splunk .conf2011: Splunk for Fraud and Forensics at IntuitSplunk .conf2011: Splunk for Fraud and Forensics at Intuit
Splunk .conf2011: Splunk for Fraud and Forensics at Intuit
 
Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session
 
Business Process Maturity and Centers of Excellence
Business Process Maturity and Centers of ExcellenceBusiness Process Maturity and Centers of Excellence
Business Process Maturity and Centers of Excellence
 
Building a SAP COE. From Weeding to Marriage
Building a SAP COE. From Weeding to MarriageBuilding a SAP COE. From Weeding to Marriage
Building a SAP COE. From Weeding to Marriage
 
Building Big Data Analytics Center Of Excellence
Building Big Data Analytics Center Of Excellence Building Big Data Analytics Center Of Excellence
Building Big Data Analytics Center Of Excellence
 
Taking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionTaking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout Session
 
Centre of Excellence Implementation
Centre of Excellence ImplementationCentre of Excellence Implementation
Centre of Excellence Implementation
 
Building your Center of Excellence
Building your Center of ExcellenceBuilding your Center of Excellence
Building your Center of Excellence
 
BPM Center of Excellence
BPM Center of ExcellenceBPM Center of Excellence
BPM Center of Excellence
 
Advanced Splunk Administration
Advanced Splunk AdministrationAdvanced Splunk Administration
Advanced Splunk Administration
 
Taking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerTaking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - Manager
 
COE Group plc
COE Group plcCOE Group plc
COE Group plc
 
Infusing EPM in people and process
Infusing EPM in people and processInfusing EPM in people and process
Infusing EPM in people and process
 
Microsoft Capability Document
Microsoft Capability DocumentMicrosoft Capability Document
Microsoft Capability Document
 
SplunkLive! Splunk for Insider Threats and Fraud Detection
SplunkLive! Splunk for Insider Threats and Fraud DetectionSplunkLive! Splunk for Insider Threats and Fraud Detection
SplunkLive! Splunk for Insider Threats and Fraud Detection
 
Krypt GTS COE
Krypt GTS COEKrypt GTS COE
Krypt GTS COE
 
Malaysia: The Global Data Centre of Excellence
Malaysia: The Global Data Centre of ExcellenceMalaysia: The Global Data Centre of Excellence
Malaysia: The Global Data Centre of Excellence
 
Taking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionTaking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout Session
 
Taking Splunk to the Next Level - Technical
Taking Splunk to the Next Level - TechnicalTaking Splunk to the Next Level - Technical
Taking Splunk to the Next Level - Technical
 

Similar to Best Practices for a CoE

Splunk and Cisco UCS Breakout Session
Splunk and Cisco UCS Breakout SessionSplunk and Cisco UCS Breakout Session
Splunk and Cisco UCS Breakout SessionSplunk
 
Splunk for Machine Learning and Analytics
Splunk for Machine Learning and AnalyticsSplunk for Machine Learning and Analytics
Splunk for Machine Learning and AnalyticsSplunk
 
SplunkLive! Chicago April 2013 - CME Group
SplunkLive! Chicago April 2013 - CME GroupSplunkLive! Chicago April 2013 - CME Group
SplunkLive! Chicago April 2013 - CME GroupSplunk
 
Alliance 2017 3891-University of California | Office of The President People...
Alliance 2017 3891-University of California | Office of The President People...Alliance 2017 3891-University of California | Office of The President People...
Alliance 2017 3891-University of California | Office of The President People...Smart ERP Solutions, Inc.
 
FlorenceAI: Reinventing Data Science at Humana
FlorenceAI: Reinventing Data Science at HumanaFlorenceAI: Reinventing Data Science at Humana
FlorenceAI: Reinventing Data Science at HumanaDatabricks
 
Splunk in the Cisco Unified Computing System (UCS)
Splunk in the Cisco Unified Computing System (UCS) Splunk in the Cisco Unified Computing System (UCS)
Splunk in the Cisco Unified Computing System (UCS) Splunk
 
SplunkLive! Customer Presentation - Staples
SplunkLive! Customer Presentation - StaplesSplunkLive! Customer Presentation - Staples
SplunkLive! Customer Presentation - StaplesSplunk
 
Splunk in Staples: IT Operations
Splunk in Staples: IT OperationsSplunk in Staples: IT Operations
Splunk in Staples: IT OperationsTimur Bagirov
 
Splunk Dashboarding & Universal Vs. Heavy Forwarders
Splunk Dashboarding & Universal Vs. Heavy ForwardersSplunk Dashboarding & Universal Vs. Heavy Forwarders
Splunk Dashboarding & Universal Vs. Heavy ForwardersHarry McLaren
 
SplunkLive! London 2015 - DevOps Breakout
SplunkLive! London 2015 - DevOps BreakoutSplunkLive! London 2015 - DevOps Breakout
SplunkLive! London 2015 - DevOps BreakoutSplunk
 
Taking Splunk to the Next Level - Management Breakout Session
Taking Splunk to the Next Level - Management Breakout SessionTaking Splunk to the Next Level - Management Breakout Session
Taking Splunk to the Next Level - Management Breakout SessionSplunk
 
Chapter 10
Chapter 10Chapter 10
Chapter 10bodo-con
 
Quelles nouveautés avec la version 6.5 de Splunk Enterprise
Quelles nouveautés avec la version 6.5 de Splunk EnterpriseQuelles nouveautés avec la version 6.5 de Splunk Enterprise
Quelles nouveautés avec la version 6.5 de Splunk EnterpriseSplunk
 
Listen to Your Machines: DevOps Analytics for Better Feedback Loops
Listen to Your Machines: DevOps Analytics for Better Feedback LoopsListen to Your Machines: DevOps Analytics for Better Feedback Loops
Listen to Your Machines: DevOps Analytics for Better Feedback LoopsSplunk
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionSplunk
 
SplunkLive! Customer Presentation - Cardinal Health
SplunkLive! Customer Presentation - Cardinal HealthSplunkLive! Customer Presentation - Cardinal Health
SplunkLive! Customer Presentation - Cardinal HealthSplunk
 
Getting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-OnGetting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-OnSplunk
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionSplunk
 

Similar to Best Practices for a CoE (20)

Splunk and Cisco UCS Breakout Session
Splunk and Cisco UCS Breakout SessionSplunk and Cisco UCS Breakout Session
Splunk and Cisco UCS Breakout Session
 
Splunk for Machine Learning and Analytics
Splunk for Machine Learning and AnalyticsSplunk for Machine Learning and Analytics
Splunk for Machine Learning and Analytics
 
SplunkLive! Chicago April 2013 - CME Group
SplunkLive! Chicago April 2013 - CME GroupSplunkLive! Chicago April 2013 - CME Group
SplunkLive! Chicago April 2013 - CME Group
 
UCPath at UCOP
UCPath at UCOPUCPath at UCOP
UCPath at UCOP
 
Alliance 2017 3891-University of California | Office of The President People...
Alliance 2017 3891-University of California | Office of The President People...Alliance 2017 3891-University of California | Office of The President People...
Alliance 2017 3891-University of California | Office of The President People...
 
FlorenceAI: Reinventing Data Science at Humana
FlorenceAI: Reinventing Data Science at HumanaFlorenceAI: Reinventing Data Science at Humana
FlorenceAI: Reinventing Data Science at Humana
 
Splunk in the Cisco Unified Computing System (UCS)
Splunk in the Cisco Unified Computing System (UCS) Splunk in the Cisco Unified Computing System (UCS)
Splunk in the Cisco Unified Computing System (UCS)
 
SplunkLive! Customer Presentation - Staples
SplunkLive! Customer Presentation - StaplesSplunkLive! Customer Presentation - Staples
SplunkLive! Customer Presentation - Staples
 
Splunk in Staples: IT Operations
Splunk in Staples: IT OperationsSplunk in Staples: IT Operations
Splunk in Staples: IT Operations
 
Splunk Dashboarding & Universal Vs. Heavy Forwarders
Splunk Dashboarding & Universal Vs. Heavy ForwardersSplunk Dashboarding & Universal Vs. Heavy Forwarders
Splunk Dashboarding & Universal Vs. Heavy Forwarders
 
SplunkLive! London 2015 - DevOps Breakout
SplunkLive! London 2015 - DevOps BreakoutSplunkLive! London 2015 - DevOps Breakout
SplunkLive! London 2015 - DevOps Breakout
 
Taking Splunk to the Next Level - Management Breakout Session
Taking Splunk to the Next Level - Management Breakout SessionTaking Splunk to the Next Level - Management Breakout Session
Taking Splunk to the Next Level - Management Breakout Session
 
Chapter 10
Chapter 10Chapter 10
Chapter 10
 
Splunk
SplunkSplunk
Splunk
 
Quelles nouveautés avec la version 6.5 de Splunk Enterprise
Quelles nouveautés avec la version 6.5 de Splunk EnterpriseQuelles nouveautés avec la version 6.5 de Splunk Enterprise
Quelles nouveautés avec la version 6.5 de Splunk Enterprise
 
Listen to Your Machines: DevOps Analytics for Better Feedback Loops
Listen to Your Machines: DevOps Analytics for Better Feedback LoopsListen to Your Machines: DevOps Analytics for Better Feedback Loops
Listen to Your Machines: DevOps Analytics for Better Feedback Loops
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout Session
 
SplunkLive! Customer Presentation - Cardinal Health
SplunkLive! Customer Presentation - Cardinal HealthSplunkLive! Customer Presentation - Cardinal Health
SplunkLive! Customer Presentation - Cardinal Health
 
Getting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-OnGetting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-On
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout Session
 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank InternationalSplunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Recently uploaded

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Recently uploaded (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Best Practices for a CoE

  • 1. Copyright © 2015 Splunk Inc. Best Practices for a Center of Excellence (COE) SplunkLive DC 2016 Clint Locker, Sr. PS Manager Midatlantic and Southeast
  • 2. 2 About Me Clint Locker – clocker@splunk.com Sr. PS Manager for Midatlantic and Southeast Regions Started with Splunk 4 years ago, delivered Professional Services for 2 years (may have deployed your environment, sorry in advance ) Managed over 400+ Splunk successful deployments Based in Arlington VA, lived in the area for close to 15 years, wife and I have a 8 month old boy William 2
  • 3. 3 Agenda • Evolution of Splunk Deployments • Components of a Splunk COE • Communication Framework • Training Recommendations • COE Assessment
  • 4. 4 Splunk Deployments Evolve Over TimeSplunk Deployments Evolve Over Time 4 Expansion Download Workgroup Enterprise Deployment • Enterprise standard • Large number of users • Many different use cases • Many different users • MultipleSplunk deployments • More sites • More geographies • More data sources More data volume InitialUser • Specific use case • Specific users
  • 5. 5 Turning Machine Data Into Operational Intelligence Search and Investigate Search and Investigate Proactive Monitoring and Alerting Operational Visibility Real-time Business Insight Proactive Reactive
  • 6. 6 What is COE? A Center of Excellence refers to a team, a shared facility or an entity that provides leadership, evangelization, best practices, research, support and/or training for a focus area.
  • 7. 7 Splunk Center of Excellence Goals Provide Splunk technical oversight Drive and communicate best practices Facilitate data on-boarding, user on- boarding, run book documentation Provide expertise focused on enablement Deliver support services to Splunk consumers
  • 8. 8 Key Success Factors  Program Management Office  Executive sponsorship  Project planning, communication, and process  Success Criteria Clearly Defined  Business requirements, use cases  Reports, alerts, dashboards  Create Deployment Plan  Architecture  Data/App on-boarding  Resourcing, staffing, training plan  Communications  Regular cadence from technical to executiv teams  Quarterly Business Reviews  Sustainment  Establish Splunk Center of Excellence
  • 9. 11 COE Sample Benefits 11 Challenge Solution Benefit What is on your mind? How can the COE help? Measure, improve, let us know! Lack of general knowledge and internal best practices for Splunk led to increased support calls. 30 minutes devoted to addressing end user needs and education of internal processes. Reduction of Splunk Support interactions by over 25% and faster time to value. A flurry of new dashboards led to decreased performance of system. Focused training sessions and advanced techniques education. Elimination of over 24 redundant panels and better overall system performance. Rapid adoption of Splunk led to a severe backlog to on-board desired data targets. Open discussion on process improvement, standards and requirements for new sources. Increased speed and efficiency of data onboarding process from 2 weeks to 48 hours on average.
  • 10. 12 Components of a Splunk COE Architecture & Infrastructure Operations Supporting Tools Staffing Data On-Boarding User On-Boarding Inform
  • 11. 13 Architecture & Infrastructure  Appropriate hardware sizing for indexing and search load  Physical cores only, hyperthreading does not count  SSD provides significant performance advantage  High performance storage  IOPS are critical  In distributed environments, dedicated IOPS are not cumulative  Measure with Bonnie++, SplunkIT, IOPS App  Current Splunk version  Clear upgrade path and process  Proactive capacity planning  Understand unit of scale for hardware  Map growth curve for data and users
  • 12. Best Practice – Service Levels Characteristics Staging Class C Class B Class A Infrastructure Shared Shared Federated Dedicated Use Case Value Low (testing) Low (discovery) Medium (visible, supporting tools) High (revenue/service impacting) Retention Short (2-4 weeks) Short (1-3 months) Medium (3-6 months) Long (6-12 months) Security/Access Basic Basic Moderate Strong Chargeback None Simple Mixed Complex SLA None Lowest Moderate High Geography Single Single Multiple Single/Multiple HA/DR None None Partially Resilient Fully Resilient
  • 13. 15 Operations & Supporting Tools  Configuration Management  Common: Puppet/Chef  Splunk: Deployment Server  Change Management  Version control  Service ticketing  Deployment  System Health Monitoring  System capacity and performance  Splunk tools: Unix App, Windows App, VMware App, NetApp App  Splunk Health Monitoring  Splunk on Splunk App  Fire Brigade App  Sanity App
  • 14. 16 Staffing 1 A successful and scalable deployment of Splunk relies on the orchestration of key roles and responsibilities, primarily centered around:  Architecture  Administration  User adoption (Power User)  Application development
  • 15. 17 Splunk Architect Role 1 Responsibility • Accountable for the design of the Splunk architecture • Fully understands concepts and best practices for sizing, scaling, and deploying Splunk across your organization so that performance meets current and future needs • Works with power users to determine which data sources should be indexed to meet each department’s needs Recommendation • 1 to 2 Splunk Architects • Part time for < 500GB; 1 Full time for 500GB to 1TB; 2 for >1TB • Note: if deploying Splunk Cloud, assume only 25% of above resources are required
  • 16. 18 Splunk Admin Role 1 Responsibility • Maintains the Splunk software and it’s infrastructure for optimal performance • Adds data sources to the Splunk platform according to Power User needs • Assist power users with the development of advanced dashboards, alerting and reporting Recommendation • 1 to 2 Splunk Admins depending on size of implementation • Part time for < 500GB; 1 Full time for 500GB to 1TB; 2+ for >1TB • Note: if deploying Splunk Cloud, assume only 25% of above resources are required
  • 17. 19 Splunk Power User Role 1 Responsibility • Works with their group to identify opportunities where Splunk can provide value • Collaborates with the Splunk admin(s) to add new data sources to address their requirements • Provides basic support for new and existing reports and dashboards to their group from investigative keyword searches to creating rich reports and visualizations to becoming a Splunk search ninja! Recommendation • 1 part-time power user per user group
  • 18. 20 Splunk Developer Role 2 Responsibility • Splunk developers are only required if applications are developed on top of the Splunk platform • Create rich, interactive dashboards and forms, and package Splunk knowledge objects for distribution across your organization
  • 19. 21 Basic Communication Framework 2 Architect Admin Works with power users to determine which data sources should be indexed to meet each department’s needs Scales the Splunk architecture to meet business demand Power Users Department Users Adds data sources to the Splunk platform according to business needs Assist power users with the development of advanced dashboards, alerting and reporting Maintains the Splunk SW and it’s infrastructure for optimal performance 1 Power user per department Provides basic support for new and existing reports and dashboards Works with their group to identify opportunities where Splunk can provide value
  • 20. 22 Splunk Classes 2 Splunk Roles Using Splunk Splunk Administration Searching and Reporting Creating Knowledge Objects Advanced Searching & Reporting Developing Apps with Splunk Developing with Splunk SDKs Architect Required Required Optional Optional Optional Optional Optional Admin Required Required Optional Optional Power User Required Required Required Optional Developer Required Optional Required Required Optional Required Optional for Splunk on-premises
  • 21. 23 Splunk Classes 2 Splunk Roles Using Splunk Splunk Administration Searching and Reporting Creating Knowledge Objects Advanced Searching & Reporting Developing Apps with Splunk Developing with Splunk SDKs Architect Required Optional Optional Optional Optional Optional Admin Required Optional Optional Power User Required Required Required Optional Developer Required Required Required Optional Required Optional for Splunk Cloud
  • 22. 24 Data On-Boarding  Define on-boarding process for new data sources / apps  Repeatable, documented process  Provide customer interview forum or survey  Integrate with service workflow New Data Source Request  Provide a data sample  Describe the data’s structure  timestamp | timezone  single-/multi-line  sourcetype  interesting fields  Describe initial uses for the data  searches | alerts | reports | dashboards  How to collect the data?  UF | syslog | API  How long to retain the data?  Who should have access?  Apply Common information Model  Are there TA’s available?  Validate
  • 23. 25 User On-Boarding  Orientation for new users  Develop training program  Splunk instructor-led online/onsite courses  Get started with Splunk videos  Advancement for experienced users  Continuing education  Splunk workshops  Office Hours  Where to get help?  How to contact <Company> Splunk team  Internal/external email lists, chat group  Splunk Answers
  • 24. 26 Inform  Track Value and ROI  Document Use Cases  Expert Showcases  Internal knowledge sharing  Develop power users  Tip of the Week/Month  Contests  Search competition  Use case drive  Regular Newsletter Splunk Accelerates Troubleshooting An expressive troubleshooting dashboard shines a bright light on any part of the infrastructure exceeding reasonable performance thresholds. Less Screwing Up, More Drilling Down Application and site performance is often dependent on system performance. Splunk’s monitoring probes through layers to collect high resolution CPU statistics.
  • 25. 27 Example Meetings  User Group  Splunk in Action  Ask Splunk  Open Office Hours  Splunk Administrators Group  Architecture and Administration topics  Splunk Developers Group  App, UI and API topics  Splunk Lunch & Learn  Education topics  Splunk Support Session  Support case review  Quarterly Business Reviews  Vendor Management Office
  • 26. 28 COE Success – Be Visible & Valuable • Create a Knowledge Management Portal for Splunk resource – Publish company specific policies & procedures – Publish Naming Standards – Publish Data Onboarding guidelines – Link to Splunk.com resources • Aggregate Training Needs from Line of Businesses • Conduct regular meetings for Line of Business Users – General User Group for Best Practice Sharing – Specialized meetings for Administrators, Developers, etc. – Lunch & Learn Sessions for informal training 2
  • 27. 29 Use Case Documentation (Examples) Splunk Monitors Proactively for Threat Patterns Alongside historical trending and analysis for monthly and incident reports, Splunk alerts the Fraud Detection team to similar patterns emerging across systems or locales in real time. Email alerts also promote standardization in capturing and exposing critical information. Splunk Secures Access for Independent Forensics Role-based controls provide shielded views into data. Incident investigations no longer require highly paid security professionals for pattern tracking and reporting. Empowering customer service or individual financial institutions to research independently and securely reduced incident response time from hours to minutes. Splunk Detects $5M in Attempted Fraud Correlation by transaction, time and geography identifies all elements in the infrastructure exposed to nefarious activity originating internally or externally. In one incident, Splunk’s transaction tracing and geoip mapping abilities identified 15 banks located in the same region exhibiting a similar fraud pattern. The activity was tracked to a single shared data processing vendor which had been compromised.
  • 28. 30 Partner with Splunk Teams  Account Team  Account Manager  Sales Engineer (SE)  Specialists (Security, IT SI, etc.)  Support Team  Designated Support Engineer (DSE)  Customer Success Manager (CSM)  Education  Standard curriculum (online/onsite)  Boot camps  Customized curriculum  Professional Services Team  Project-based (e.g. Deployment, Health Checks, Upgrades, App Development)  Technical Advisory Services (TAS)  Center of Excellence Advisory Services  Customer Advisory & Success Teams (CAST)  Dedicated Splunk Advisory Engineers  Faster time to value and adoption
  • 29. 31  Splunk User Groups  Community driven  Bootstrapped by Splunk  Locally every 2-3 months  SplunkLive!  Worldwide customer events  Technical workshops for beginner and advanced users  Local events held yearly  Annual Worldwide Users Conference  September 26-29, 2016 in Orlando FL, Disney World  3+ days, 130+ sessions, 4000+ enthusiasts  Splunk Answers Desk, SplunkBase Lab, Chalk Talks, Search Party, Hackathon Get Social with Splunk Events 3 www.splunk.com > Events
  • 30. SEPT 26-29, 2016 WALT DISNEY WORLD, ORLANDO SWAN AND DOLPHIN RESORTS • 5000+ IT & Business Professionals • 3 days of technical content • 165+ sessions • 80+ Customer Speakers • 35+ Apps in Splunk Apps Showcase • 75+ Technology Partners • 1:1 networking: Ask The Experts and Security Experts, Birds of a Feather and Chalk Talks • NEW hands-on labs! • Expanded show floor, Dashboards Control Room & Clinic, and MORE! The 7th Annual Splunk Worldwide Users’ Conference PLUS Splunk University • Three days: Sept 24-26, 2016 • Get Splunk Certified for FREE! • Get CPE credits for CISSP, CAP, SSCP • Save thousands on Splunk education!
  • 31. Copyright © 2015 Splunk Inc. Next Steps COE Assessment
  • 32. 34 Splunk Architect Training Splunk Architect(s) Using Splunk Splunk Administration Searching and Reporting Creating Knowledge Objects Advanced Searching & Reporting Developing Apps with Splunk Developing with Splunk SDKs • # name • # name = Splunk training completed= Required = Optional = Training required but not completed = Optional training not completed Instructions: List the names and color code the cells as green, red or leave blank, based on legend below
  • 33. 35 Splunk Admin Training Splunk Administrator(s) Using Splunk Splunk Administration Searching and Reporting Creating Knowledge Objects Advanced Searching & Reporting Developing Apps with Splunk Developing with Splunk SDKs • #name • #name • #name = Splunk training completed= Required = Optional = Training required but not completed = Optional training not completed Instructions: List the names and color code the cells as green, red or leave blank, based on legend below
  • 34. 36 Splunk Power User Training Splunk Power User(s) Using Splunk Splunk Administration Searching and Reporting Creating Knowledge Objects Advanced Searching & Reporting Developing Apps with Splunk Developing with Splunk SDKs Server Team • # name Network Team • # name Middleware Team • # name DBA Team • # name App Support Team • # name App Development • # name Security Team • # name = Splunk training completed= Required = Optional = Training required but not completed = Optional training not completed Instructions: List the names and color code the cells as green, red or leave blank, based on legend below
  • 35. 37 Splunk Developer Training Splunk Developer(s) Using Splunk Splunk Administration Searching and Reporting Creating Knowledge Objects Advanced Searching & Reporting Developing Apps with Splunk Developing with Splunk SDKs • # name • # name • # name • # name = Splunk training completed= Required = Optional = Training required but not completed = Optional training not completed Instructions: This slide is optional and only applies IF there are plans to develop applications on top of Splunk. List the names and color code the cells as green, red or leave blank, based on legend below
  • 36. 38 Your Splunk COE Splunk Architect Doug Splunk Administrator Kevin Splunk Developer Suzie UX Admins Power User Bob Network Power User Mark DBA Power User Dave ecommerce Power User Tony example = Fully Trained = Partially Trained = Not assigned Splunk Developer Todd Instructions: add / remove boxes as needed. Include existing and future user groups. Color code each box based on legend below
  • 37. 39 Splunk COE Recommendations Roles Assignments • A • B • C Required Training • A • B • C architect admin developer power user Instructions: add recommendations to address role gaps with current and future user groups. 1 person may carry more than 1 role, however Power Users are usually different from team to team. Instructions: add recommendations to address training gaps for current and future user groups.

Editor's Notes

  1. These are the milestone stages of Splunk’s growth within most organizations. Can I get a show of hands on how many people are here in the first stage. Wow, hold on because you have a fun ride ahead of you. I would grab some business cards from the people around you. …keep going through each stage.
  2. We’re headed to the East Coast! 2 inspired Keynotes – General Session and Security Keynote + Super Sessions with Splunk Leadership in Cloud, IT Ops, Security and Business Analytics! 165+ Breakout sessions addressing all areas and levels of Operational Intelligence – IT, Business Analytics, Mobile, Cloud, IoT, Security…and MORE! 30+ hours of invaluable networking time with industry thought leaders, technologists, and other Splunk Ninjas and Champions waiting to share their business wins with you! Join the 50%+ of Fortune 100 companies who attended .conf2015 to get hands on with Splunk. You’ll be surrounded by thousands of other like-minded individuals who are ready to share exciting and cutting edge use cases and best practices. You can also deep dive on all things Splunk products together with your favorite Splunkers. Head back to your company with both practical and inspired new uses for Splunk, ready to unlock the unimaginable power of your data! Arrive in Orlando a Splunk user, leave Orlando a Splunk Ninja! REGISTRATION OPENS IN MARCH 2016 – STAY TUNED FOR NEWS ON OUR BEST REGISTRATION RATES – COMING SOON!