How to sell your ideas (and Splunk) internally - Splunk .conf


Copyright © 2014 Splunk Inc.

How to sell your ideas (and Splunk) internally
Nathan Haynie
Splunk Customer

Disclaimer

During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.


What is preventing you from taking your Splunk program to the next level?

“I know you are taking it in the teeth, but the first guy through the wall... he always gets bloody... always. This is threatening not just a way of doing business... but in their minds, it's threatening the game. Really what it's threatening is their livelihood, their jobs. It's threatening the way they do things... and every time that happens, whether it's the government, a way of doing business, whatever, the people who are holding the reins - they have their hands on the switch – they go @!# crazy.”
John W. Henry (owner of Red Sox) to Billy Beane, Moneyball (2011)

Tips for taking your Splunk program to the next level
… one thought leader to another

Topic #1
Developing Splunk Visions, Strategies, and Roadmaps that resonate with stakeholders
Begin with the end in mind. Repeat as necessary.

Tip #1.1 - Assessment - a critical step

- Customers
- Sponsors
- Partners
- Detractors
- Baseline measurements

Tip #1.2 – Vision, Strategy, Roadmap

- Vision: story of where you’re going (what)
- Strategy: chosen path to get there (how)
- Roadmap: timing (when)
- Business value roadmap
- Technical roadmap
- Project Plan: work breakdown (who)

Topic #2 - Creating buy-in and overcoming resistance

- Bring out the pain!
- What’s in it for you?
- Take the initiative, set the tone
- 1:1 vs. group meetings
- Start small, build momentum
- Reputation

Topic #3
Tips for telling your story

Tip #3.1
Contrast Splunk with other tools using a key activities diagram
… works on whiteboards and napkins too!

Key Activities: Instrument, Collect, Process, Store, Model, Consume

Splunk > End-to-end solution, quick time-to-value

Tableau, MS SSIS, MS SQL, MS SSAS, SSRS/Excel: non-trivial skill sets & learning curves, significant effort to stand up and maintain

[Figure: Logical Diagram, OI sample ecosystem. Components shown: Source Systems; Agents; Collectors (Syslog, Custom, ...); Data Bus; CEP; CMDB; Splunk UF, Splunk FW, Splunk INDEX, Splunk SH, Splunk UI, DBConnect; ODBC/API; ITOps Datamart; BI Reporting; Alarm Console. Legend: Splunk, Monitoring&Config, Tableau/QlikView, Custom/Hybrid.]

Tip #3.2
Use models to tell your story…

Capabilities Maturity Model example…

… a cure for Chicken Little syndrome

Maturity model

- Tuning
- Automation
- Numbers and process understood
- Performance metrics actionable
- Tracking in place to provide numbers
- Learning from numbers to understand dynamics
- Different people, same process, same results
- Over-reliance on tribal knowledge
- Burned out heroes holding up the world

Maturity model

Note: As a process matures, data and tools are needed for different reasons.

- Tuning
- Automation
Raise events, track actions…

- Numbers and process understood
- Performance metrics actionable
Analyze, test actions, predict,…

- Tracking in place to provide numbers
- Learning from numbers to understand dynamics
Measure, track, correlate, notify,…

- Different people, same process, same results
Simplify steps, verify intended results,…

- Over-reliance on tribal knowledge
- Burned out heroes holding up the world
Explore, learn, educate, convince

Maturity model

Tip: Position Splunk as a significant accelerator for your key processes

Tip #3.3
“Push power to the front lines”
… how to beat the efficiency drum

Tip #3.4
People, Process, & Technology
… a three-legged stool … powerful tool to position Splunk

Tip #3.5
The balanced iterative approach
… a “boiling the ocean” countermeasure

Balanced iterative approach

[Figure labels: Enterprise driven / Silo driven; Sophisticated capabilities / Basic capabilities; A = Top down approach; B = Bottom up approach.]

A. Top down approach
   - More collaboration & correlation, wider audience
   - Can tend to suffer from paralysis by analysis
B. Bottom up approach
   - Relatively quick time to value
   - Right hand vs. left hand building train wrecks may never overcome or expensive to rework

Balanced iterative approach

[Figure labels: Enterprise driven / Silo driven; Sophisticated capabilities / Basic capabilities; A = Top down approach; B = Bottom up approach; C = Balanced iterative approach.]

A. Top down approach
   - More collaboration & correlation, wider audience
   - Can tend to suffer from paralysis by analysis
B. Bottom up approach
   - Relatively quick time to value
   - Right hand vs. left hand building train wrecks may never overcome or expensive to rework
C. Balanced iterative approach
   - Best of both approaches
      - Establish top-down framework
      - Work on highly targeted needs of silos to provide immediate value in each iteration working within framework
      - Extend framework incrementally as required
   - Requires strong vision and technical voice to maintain reasonable balance throughout.

Tip #6
Splunk + CMDB + CEP + Tableau/QlikView
Don’t be afraid to integrate Splunk with other tools to create a rich eco-system

Complex Event Processor (CEP)
- Data enrichment: IP to Geo,
- Simple processing: NVP conversion, data scrubbing, data structure, tokenize
- Advanced bus & processing: Complex rules-based alerting & routing
- Event aggregation, suppression, cherry picking

Q & A

THANK YOU