My criteria for selecting Splunk talks fall under two categories: Security and Optimization / Performance. You’ll see this reflected in my choices below.
Another great talk by Ryan Kovar this year. This talk touches on the world of powershell exploit kits and what they may look like in your environment. This was a very eye opening talk about powershell and what to look for. I cannot wait to put this to use and integrate it into my windows logging workflow. This is some very low hanging fruit to catch attackers and script kiddies alike in your environment.
Macy never disappoints with her knowledge of Extreme Search. This year Anthony joins her to discuss the new Machine Learning toolkit that’s been on Splunkbase for a few months. This talk goes into how to apply statistical models to security data and utilize these models with Extreme Search to detect anomalies. Both the Machine Learning toolkit and Extreme Search are areas where I’d like to improve my skill-sets in.
This session was a good peak into the types of internal scale testing Splunk does on Clustering. Common scaling issues were addressed as well, with tuning tips provided. 6.5 looks like a must upgrade for any large deployments or deployments with significant retention.
Overall I was extremely impressed with the quality of content this year at .conf. During previous years one of my main complaints was a lack of “in depth” technical talks. Often there were only 1-2 really deep technical talks per day in previous years. This year the problem was choosing which talk to go to, with almost every time slot having exciting talks. I cannot wait until the slides are posted so I can catch up on the talks I was unable to attend.