.conf has come to a close with several announcements and so many great customer presentations.

Splunk made several exciting announcements around its observability platform, including always-on application profiling, enhanced database visibility to detect slow queries, and expanded OpenTelemetry support. I like what Splunk has done with what was formerly known as SignalFx. The product has been transformed since its acquisition and is a significant offering from Splunk.

The security-related announcements were a little more muted and included teases for more cloud-based Splunk security products. I would expect to see cloud-based Phantom and the fabled Mission Control shortly. The best announcement was for Splunk SURGe, which Splunk calls “an elite team of cybersecurity experts,” whose goal is to provide technical guidance to customers “during high-profile, time-sensitive cyberattacks.” This could be a valuable service to customers, since Splunk can see the scale of attacks given how many companies use Splunk ES. Being able to surge resources and address everyday needs across a broad range of customers could be very powerful. I am interested to see how Splunk evolves this product offering.

Splunk’s most significant announcement around its core search products, Splunk Cloud and Splunk Enterprise, expanded workload pricing options to shift to a more utilization-based model. You pay for what you use instead of how much data you ingest. This model could save some customers money: if they are not frequently searching their data, metrics around CPU utilization will be relatively low and will not trigger as many costs as for a customer that runs hundreds of concurrent searches. Of course, every customer must carefully evaluate its own particular details to determine if workload pricing is the right model.

Splunk also announced that federated search was available. I am very interested in federated search since it supports searching both your on-premises and Splunk Cloud instances from one UI. This is a powerful feature that bridges silos and provides more flexibility. A new Splunk cloud storage option called Flex Index was announced as well. It offers options for storing high-volume, low-value data at competitive rates to give teams more data management flexibility.

I love hearing what customers are doing with Splunk. I get the best ideas from seeing customer presentations.

PLA1484B – Big Data Platform (BDP) Replacement Through Splunk

The Accenture Federal Services (AFS) team did an outstanding job describing how they replaced a legacy big data security platform with solutions that support unlimited scale, such as Splunk, and data pipeline tools like Cribl Stream. The legacy solution was slow and not able to scale to meet current and future requirements. The AFS team needed a flexible solution to ingest a wide range of data at scale, and then shape the data in flight to optimize and enrich it to work best with Splunk. The metrics the team presented after solution deployment were stunning. Detection, response, and resolution metrics went from weeks and days to hours and minutes. What impressed me the most was that the team created processes to continuously optimize data, build and test detections, and finally deploy detections to drive better results faster than previously possible. Combining quality processes and great tools is the secret to success. Tools alone will not create a quality solution.
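The AFS process described above (shape and enrich data in flight, then build, test and deploy detections) in miniature, as an added example that is not AFS, Splunk or Cribl code. It assumes a JSON event format, an asset-owner table, the drop-field list, the failed-login-burst rule and the sample log lines, all of which are constructed here; the "deploy" step is a stand-in dictionary rather than a push to a real Splunk saved search. The point it shows is the gate: a detection only reaches deployment when its tests, including the threshold boundary, pass.

```python
"""Detection-as-code pipeline (added example, not AFS/Splunk/Cribl code):
shape and enrich events in flight, then build, test and gate-deploy a rule.
Field names, the asset table, the rule and the log lines are constructed."""
import json
from collections import defaultdict
from datetime import datetime

# Constructed asset inventory used for in-flight enrichment (assumption).
ASSET_OWNERS = {"10.0.0.5": "finance", "10.0.0.9": "eng"}
# Low-value fields dropped before indexing to save ingest and storage (assumption).
DROP_FIELDS = {"debug_trace", "raw_banner"}

# Constructed sample log lines standing in for a pipeline input.
SAMPLE_LOGS = [
    json.dumps({"ts": f"2021-10-20T14:00:{s:02d}Z", "src_ip": "10.0.0.5",
                "Action": "LOGIN_FAILED", "debug_trace": "x" * 40})
    for s in (1, 5, 9, 14, 20, 27)            # six failures in 26 seconds
] + [
    json.dumps({"ts": f"2021-10-20T14:{m:02d}:00Z", "src_ip": "10.0.0.9",
                "Action": "login_failed", "raw_banner": "SSH-2.0"})
    for m in (0, 4, 8)                         # three failures over 8 minutes
] + [
    json.dumps({"ts": "2021-10-20T14:00:30Z", "src_ip": "10.0.0.5",
                "Action": "login_success"}),
]


def shape_event(line: str) -> dict:
    """Pipeline stage: parse, drop low-value fields, normalize, enrich."""
    raw = json.loads(line)
    ev = {k.lower(): v for k, v in raw.items() if k not in DROP_FIELDS}
    # Normalize the timestamp to epoch seconds (UTC) and the action to lowercase.
    ev["_time"] = datetime.fromisoformat(ev.pop("ts").replace("Z", "+00:00")).timestamp()
    ev["action"] = ev["action"].lower()
    # Enrich with the asset owner so the analyst does not have to look it up.
    ev["owner"] = ASSET_OWNERS.get(ev.get("src_ip"), "unknown")
    return ev


def detect_failed_login_burst(events, threshold=5, window_s=60):
    """Detection: a source with >= threshold failed logins inside window_s.
    Sliding window per src_ip over time-ordered events; one alert per source,
    refreshed with the latest in-window count."""
    alerts, window = {}, defaultdict(list)
    for ev in sorted(events, key=lambda e: e["_time"]):
        if ev["action"] != "login_failed":
            continue
        w = window[ev["src_ip"]]
        w.append(ev["_time"])
        while ev["_time"] - w[0] > window_s:   # evict times outside the window
            w.pop(0)
        if len(w) >= threshold:
            alerts[ev["src_ip"]] = {"count": len(w), "owner": ev["owner"]}
    return alerts


def run_detection_tests() -> dict:
    """Unit tests for the rule: a true positive, a true negative, and the
    boundary case (threshold-1 failures must not alert)."""
    events = [shape_event(line) for line in SAMPLE_LOGS]
    alerts = detect_failed_login_burst(events)
    return {
        "burst_alerts": alerts.get("10.0.0.5", {}).get("count") == 6
                        and alerts["10.0.0.5"]["owner"] == "finance",
        "slow_failures_quiet": "10.0.0.9" not in alerts,
        "threshold_boundary": detect_failed_login_burst(
            [ev for ev in events if ev["src_ip"] == "10.0.0.5"][:4]) == {},
    }


DEPLOYED_RULES = {}   # stand-in for pushing a saved search to Splunk (assumption)


def deploy_if_green(name, rule, test_results) -> dict:
    """Deploy only when every test passed; report what happened either way."""
    failures = sorted(t for t, ok in test_results.items() if not ok)
    if failures:
        return {"deployed": False, "failures": failures}
    DEPLOYED_RULES[name] = rule
    return {"deployed": True, "failures": []}


if __name__ == "__main__":
    print(deploy_if_green("failed_login_burst", detect_failed_login_burst,
                          run_detection_tests()))
```

Running the script deploys the rule because all three tests are green; lowering the threshold to 3 would make `threshold_boundary` fail and the deploy step would refuse it, which is the feedback loop that lets a team keep iterating on data shaping and rules without shipping a noisy detection.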