Splunk Discovery Day 2017 in Moscow. How did everything go…

Last week, the largest Splunk event in Russia was held at the Moscow Hotel Ukraine, and although Splunk .conf was held just a month ago in Washington, the Moscow conference experienced a big rush from the participants. The most interesting part of the event was the session with presentations of existing customers with their own success stories. These are companies such as: Megafon , Yota , Bank Delta Credit , delivery service SPSR Express , Russia Today TV channel. At that moment, the hall was full and some participants listened to the reports while standing, in general, about three hundred people attended the conference.

What kind of conference is this?

Splunk has been holding its annual Splunk .conf conference in America for 10 years now, which is the largest Splunk event in the world in terms of content and number of participants. Yes, there go thousands of customers, partners and distributors from around the world. However, since America is far from us, and the Splunk market in the world, and at the same time the level of customers is somewhat higher than in Russia, RRC has been holding the Splunk Discovery Day conference local for Russia and the CIS for several years in a row. The format of the event is somewhat similar to Splunk .conf in that all content can be divided into two parts: success stories of existing customers and technical sessions from partners and representatives of Splunk to show some of the most interesting things and answers to questions. And yes, of course networking. During coffee breaks and lunches, participants are very willing to get acquainted and share their experiences.

Customer Sessions

This year both mature enough customers (Megafon, Yota) and newcomers (Russia Today, SPSR Express, Delta Credit) were present at the conference. Splunk has proven to be quite varied: from security and service monitoring to business analytics.
')

TV channel Russia Today

Despite the playful name, the Russia Today channel team was able to appreciate Splunk and implement a wide range of tasks on it: starting with such basic aspects as logging, field highlighting, enrichment, storage, writing correlations, ending with developing new connectors and writing statistical queries based on Machine Learning Toolkit. The company honestly compared Splunk with a number of other vendors, and after load testing, the choice was made in favor of it. I would also like to note the variety of Security cases that the Russia Today team was able to come up with and implement with the help of Splunk.

→ The full version of the presentation is available here .

Megaphone

The megaphone company is one of the largest Splunk customers in Russia. This year, a team from MegaFon showed how using Splunk they monitor the availability of their systems, for example, how quickly the money goes to the customer’s account after he has made a payment. Thanks to Splunk, Megafon was able to reduce this delay several times and it is clear that this is only one of hundreds of business processes. Also, since Megafon has a very large Splunk infrastructure (more than 1000 data streams), the company showed best practice in building architecture and monitoring the work of Splunk itself.

→ The full version of the presentation is available here .

DeltaCredit Bank

For those who do not know, DeltaCredit is a fairly large mortgage bank with high estimates of the level of service, turnover, number of branches and with a serious information security department. It is for the purposes of information security that they use Splunk. At the moment, it is centralized storage of logs, dashboarding and alerting for various correlation searches, as well as a service for responding and shaping information security incidents. Plans for next year - building a full-fledged SOC based on Splunk.

→ The full version of the presentation is available here .

Yota

Yota, like Megaphone, is a fairly large and already mature customer and Splunk user, about 400GB of logs per day, which is about 1 billion events. Each employee of the IT unit has completed basic Splunk training and has the appropriate competence. Thanks to Splunk, the company solves such tasks as monitoring the provision of services, analyzing system performance, general analysis of systems in order to identify hidden errors. To do this, use a granular model KPI and a specialized application Splunk ITSI . Also this year, Yota talked about how they monitor the work of their application and identify the main problems in its work. Thanks to Splunk, the ability to increase overall customer satisfaction with their services, by reducing errors, improving service availability, and creating the most convenient ways to service.

→ The full version of the presentation is available here .

SPSR Express Delivery Service

SPSR Express is also new to Splunk. The main prerequisites for the implementation of Splunk were business losses associated with the processing of invoices with cash on delivery, the provision of discounts to customers, incorrect consideration of work shifts and delivery on an incorrect date. The company has generally achieved significant results in improving business process data. The conference told the story of how the entire wagons with packages from Ali Express could have been delivered free of charge due to errors in the delivery systems, now there are no such errors.

→ The full version of the presentation is available here .

Conclusion

In addition to the presentations of customers there were several technical sessions with partners, at which everyone could get acquainted with the decision in more detail or ask specific questions. In general, the conference turned out to be quite interesting and useful for both a novice in the Splunk area and an advanced user.

Also, despite the large number of participants, I would like to note a good organization and a general, fairly high level of the event.

And yes, do not forget that for any question regarding Splunk: its implementation, the development of applications on it, the addition of new, complexly indexed events and everything else you can contact us through our website.