Taking Splunk to the Next Level for Management

David CaradonnaManager, Business Value ConsultingSplunk>

April 14, 2015

Legal NoticeDuring the course of this presentation, we may make forward looking statements regarding future events or theexpected performance of the company. We caution you that such statements reflect our currentexpectations and estimates based on factors currently known to us and that actual events or results could differmaterially. For important factors that may cause actual results to differ from those contained in our forward-lookingstatements, please review our filings with the SEC. The forward-looking statements made in this presentation are beingmade as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may notcontain current or accurate information. We do not assume any obligation to update any forward looking statementswe may make. In addition, any information about our roadmap outlines our general product direction and is subject tochange at any time without notice. It is for informational purposes only and shall not be incorporated into any contract orother commitment. Splunk undertakes no obligation either to develop the features or functionality described or toinclude any such feature or functionality in a future release.

Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk™, Splunk Cloud™, SplunkStorm® and SPL™ are registered trademarks or trademarks of Splunk Inc. in the United States and/or othercountries. All other brand names, product names or trademarks belong to their respective owners. © 2014Splunk Inc. All rights reserved.

Help Splunk customers, prospects, and partners

document the projected and already realized

business value of making machine data accessible,

usable, and valuable for everyone

Common Deliverables:

› CFO-Ready Business Cases

› Value Realization Studies

› Adoption Roadmaps and Maturity Assessments

› Customer and Use Case Benchmarks

Business Value Consulting @Splunk

3

Why Position Business Value?

4

Your process requires it

Create and maintain visibility

Replicate success across the org

Accelerate enterprise adoption

Maximize business results

Splunk is a Hidden Gem

5

Way cool, dude.

What business value do I get?

I’m invincible!

Top Challenges to Documenting Value

Lack of Splunk and Industry Benchmarks

xData

Lack of Tools to Make Value

Measurement Easy

xTools

Not Enough Time to Assess

Your Value

xTime

Splunk Can Help You Document Value

All Splunk Tools Are Available to

All of You

ToolsTime

Tools, Content and Team Will Save You Time

Access to Splunk and Industry Benchmarks

Data

Taking your Splunk Deployment to the Next Level

4

Quantify

business

value

1

Map your

adoption

chart

3

Position

further use

cases

Document

noticeable

successes

2

STEP 1 - Map your current deployment

1

Map your

adoption chart

• Provide a high level view

• Demonstrate where and how Splunk is in use

• Organize by group or by business service

• Highlight uses cases that the most drive value

• Tie key processes with Splunk

• Pick one of our adoption templates to get you started!

Enterprise Adoption

IT Operations

Security & Compliance

Application Support

Application Development

IT Operations Adoption Chart Template

% Data Indexed

Incident Investigation Faster Root

Cause Analysis

Fewer Outagesthrough

Proactive Alerting

Improved Capacity Planning

More Visibility through

Operational Dashboards

GroupsFaster Level 1 Triage

Fewer Level 2 & 3 Escalation

Faster incident MTTR

Virtualization 0%

Server - Unix 25%

Server - Windows 0%

Storage 33%

Network 100%

SAMPLE

= Splunk fully in use = Splunk partially in use = Splunk not in use

Application Development Adoption Chart Template

Applications% Data Indexed

faster test failure

analysis

faster debugging of

code

faster developmentof dashboards

and reports

increaserevenue with

business analytics

SAP 0%

Warehouse 30%

E-Commerce Website 0%

Call Center 25%

PeopleSoft 50%

Service Now 50%

SAMPLE

= Splunk fully in use = Splunk partially in use = Splunk not in use

Security & Compliance Adoption Chart Template

Data Sources%

Indexed

Automated Log

Collection

Monitoring and

Alerting

Faster Level 1 Triage

Faster Incident

Response

Streamlined Compliance Reporting

AutomatedContinuous Compliance

Automated Routine Log

Reviews

Threat Intel:(3rd Party)

0%

Threat Intel:(OS Blacklist)

30%

Network:(Firewall)

20%

Network:(IDS/IPS)

25%

Endpoint:(PCLM)

70%

Access & Identity Mgt

70%

SAMPLE

= Splunk fully in use = Splunk partially in use = Splunk not in use

Security Critical Security Controls

Critical Control In Place?

Monitor unauthorized devices or software

Monitor unmanaged devices or software

Monitor configuration compliance

Monitor patch compliance

Monitor malware defense

Monitor application software security

Monitor wireless access control

Analyze audit logs with time-based correlation

SAMPLE

Critical Control In Place?

Monitor use of ports, protocols, and services

Monitor controlled use of admin privileges

Monitor perimeter IDS

Monitor controlled / uncontrolled access

Monitor orphan, expired, miss use of accounts

Monitor potential exfiltration of information

Monitor secure IP restriction policies

Maintain data going back months

= Splunk fully in use = Splunk partially in use = Splunk not in use

Enterprise Adoption Chart Template

= Splunk fully in use = Splunk partially in use = Splunk not in use

Production Support Application Development Security & Compliance

TOP 5 FSI Applications

reduce frequency

of incidents

accelerate incident MTTR

streamline post

incident reviews

optimize server

capacity

faster test failure

analysis

faster debugging

of code

faster developmentof dashboards

and reports

increaserevenue with

business analytics

reduce risk of fraud

reduce risk of data

breach

reduce risk of

IP theft

efficient audit

activities

automate routine

procedures

Online Banking

Treasury Internet Banking

Wires

Future Core

Credit Lead

STEP 2 - Document and Measure your Success

Document

noticeable

successes

2 • Document a few success stories of your Splunk usage

• Summarize BEFORE and AFTER Splunk

• Highlight metrics of improvement

• Demonstrating success will help further the cause

• Leverage our success story templates to get you started!

Success story templates• Pick 2 or 3 use cases

• Sit down with your Splunk user for 60 min/use case

• Gather Before and After data to build your story slide(s)

• Follow our questionnaire guidelines

Example of a success story slide

Faster Investigation of Server Events– Mundane issues consume a lot of our time

Examples: Mailflow issues, Webproxy issues, Websites being blocked, etc

Investigation 75% faster

Regained 35% of staff time to work

on higher value activities

– Before Splunk

Difficult to troubleshoot and more time consuming

Hard to get a global picture, if troubleshooting an issue in Tennessee, real issue could be in Ohio

Had to manually investigate 5 to 10 servers, typically

taking 1 to 2 hours to fix mundane issues

50% of our time was spent on these types of issues

– With Splunk

One source of information that can crawl all servers

Mundane issues now resolved in ~30 minutes instead of hours

Regained 35% of staff time, we can now focus on higher value work

Saved over 3,000 hours per year

Step 3 - Position key areas to expand

3

Position

further use

cases

• Identify opportunities by showing usage and gaps

• Socialize your success stories to target groups

• Position potential value with future use cases

• Demonstrate actual Splunk customer successes

• Leverage Splunk customer benchmarks to get you started!

Production Support Application Development Security & Compliance

TOP 5 FSI Applications

reduce frequency

of incidents

accelerate incident MTTR

streamline post

incident reviews

optimize server

capacity

faster test failure

analysis

faster debugging

of code

faster developmentof dashboards

and reports

increaserevenue with

business analytics

reduce risk of fraud

reduce risk of data

breach

reduce risk of

IP theft

efficient audit

activities

automate routine

procedures

Online Banking

Treasury Internet Banking

Wires

Future Core

Credit Lead

Adoption Charts in ActionCan you find 5 Opportunities here?

5

51

2 43

= Splunk fully in use = Splunk partially in use = Splunk not in use

Splunk IT Operations BenchmarksKnow what to project and/or compare how you’re doing

20

Reduced Sev1 and Sev2 incidents by 43%

Reduced MTTR by 95% and reduced escalations by 50%

Improved capacity utilization and avoided $200k in infrastructure

15% to 45% reduction in system incidents

70% to 90% faster investigation of system incidents

67% to 82% reduction in financial impact from outages

5% to 20% optimization with server capacity allocation

Splunk Application Support/Dev BenchmarksKnow what to project and/or compare how you’re doing

21

15% to 45% reduction in application incidents

70% to 90% faster investigation of QA defects and incidents

10% to 50% faster time to market

10% to 50% increase in value for key projects

Went from 1 release/day to 8 because of Splunk

Shortened their development cycles by 30%

Reduced the number of incidents leading to 9M Euro per year in revenue recaptured

Splunk Security & Compliance BenchmarksKnow what to project and/or compare how you’re doing

22

70% to 90% improvement with detection and research of events

70% to 90% faster investigation of security incidents

10% to 50% lower risks with data breaches, fraud and IP theft

70% to 90% reduction in compliance labor

Reduced investigation effort by more than 75%

Reduced the time to report on SAS70 compliance by 83%

Reduced the number of security incidents by 80%

Step 4 - Create a CxO-Ready business case

4

Quantify

business value

• Expanding Splunk might require a business case

• Align your project with key goals

• Identify key metrics that drive the most value

• Quantify value first, then the investment

• Defend your case with industry benchmarks

• Leverage our IVA - Interactive Value Assessment tool to get you started!

IVA Highlights

Target your business case Calculate value seamlessly

Be credible Deliver value on the spot!

Choose 1 or many Groups

45 Value CalculatorsAutomatically surface those that are relevant

Built-in Industry Benchmarks and Customer Case Studies

Full Business Case Report

Accessing the IVA

• Interactive Value Assessment

• Excel Spreadsheet

• Work with your rep to gain access to the latest version

• Follow the Impact and Capture All the Value

• Complete Financial Analysis

Plan your Splunk

staffing roles

Execute against a strategy

Other Considerations

Take

incremental

steps

Take incremental steps

Position Value in Expansion Area

Value Opportunity:

• faster detection,

• faster investigation,

• faster root cause analysis of application incidents

• fewer developer escalation

After 3 to 6 months

After 3 to 6 months

Document Success for Server & Network teams

Document Success for App & DB teams Position Value in

Expansion Area

Application Development

Value Opportunity:

• faster test analysis,

• faster investigation of pre-production bugs,

• faster releases cycles

Position Value in Expansion AreaSecurity &

Compliance

Value Opportunity:

• faster detection, faster triage,

• faster investigation of security incidents

Value Realized:

• faster detection,

• faster investigation,

• faster root cause analysis of system incidents

IT OperationsApplication

Support

Execute against a strategy

• Avoid being reactive – don’t drive by data source

• Develop a plan to expand Splunk

• Link the plan to strategic company goals

• Document the anticipated value

• Set baselines for success

• Leverage our Value Roadmap templates

Execute against a strategy

Plan your Splunk Staffing RolesBe sure you have the staff and skills to maximize value

30

A successful and scalable deployment of Splunk relies on the orchestration of key roles and responsibilities, primarily centered around:

Architecture

Administration

User adoption (Power User)

Application development

Basic Communication Framework

31

Architect

Admin

Works with power users to determine which data sources should be indexed to meet each department’s needs

Scales the Splunk architecture to meet business demand

Power Users Department Users

Adds data sources to the Splunk platform according to business needs

Assist power users with the development of advanced dashboards, alerting and reporting

Maintains the Splunk SW and it’s infrastructure for optimal performance

1 Power user per department

Provides basic support for new and existing reports and dashboards

Works with their group to identify opportunities where Splunk can provide value

Splunk Roles & Recommended Training

32

Splunk Roles

Using Splunk

Splunk Administration

Searching and

Reporting

Creating Knowledge

Objects

Advanced Searching & Reporting

DevelopingApps with

Splunk

Developing with Splunk

SDKs

Architect Required Required Optional Optional Optional Optional Optional

Admin Required Required Optional Optional

Power User Required Required Required Optional

Developer Required Optional Required Required Optional Required Optional

for Splunk on-premises

Map Your Roles & Highlight Training Gaps

33

Splunk Architect#name

Splunk Developer

#name

SecurityPower User

#name

CollaborationPower User

#name

DatabasePower User

#name

CRMPower User

#name

NetworkPower User

#name

Financial AppsPower User

#name

Splunk Architect#name

= Fully Trained = Partially Trained = Not assigned

WebPower User

#name

ServerPower User

#name

Your Company

RecapTaking your Splunk Deployment to the next level

4

Quantify

business

value

1

Map your

adoption

chart

3

Position

further use

cases

Document

noticeable

successes

2

Plan your Splunk

staffing roles

Execute against a strategy

Remember to…

Take

incremental

steps

36

The 6th Annual Splunk Worldwide Users’ Conference

• September 21-24, 2015

• The MGM Grand Hotel, Las Vegas

• 4000 IT & Business Professionals

• 2 Keynote Sessions

• 3 days of technical content• 165+ sessions

• 3 days of Splunk University• Sept 19-21, 2015• Get Splunk Certified for FREE! • Get CPE credits for CISSP, CAP, SSCP, etc.• Save thousands on Splunk education!

• 80 Customer Speakers

• 80 Splunk Speakers

• 35+ Apps in Splunk Apps Showcase

• 65 Technology Partners

• Ask The Experts and Security Experts, Birds of a Feather, Chalk Talks and a new & improved Partner Pavilion!

• Register at conf.splunk.com

Prizes in Exchange for Your Survey Feedback!

Text Splunk to 878787

OR

Scan this QR Code

Then stop by our reg desk for a free gift and a chance to win a $100 AMEX gift cards