CriblCon and Splunk.conf 2024

Navigating innovation: Highlights from CriblCon and Splunk .conf24

Jul 18, 2024
Written by Davinsi Labs

In a rapidly evolving threat landscape, it's crucial to stay updated with the latest market trends. At Davinsi Labs, we understand that there's no need to reinvent the wheel when tools are already being created and refined by other industry players. This is why it's important to observe new developments from these vendors and identify potential partners who could enhance our services.

Conferences are an ideal way to stay informed about these innovations. They provide the latest updates from vendors, and as significant adopters of Cribl and Splunk, it made perfect sense to attend both CriblCon (1 day) and Splunk .conf (3 days) 2024. These conferences offer detailed roadmaps and updates on recently implemented features from these vendors. It's always exciting to hear about new features that address current challenges we face. Beyond the informative sessions, these events offer valuable networking opportunities with a community of like-minded professionals who encounter similar issues, fostering insightful conversations.

 

Diving into CriblCon: Cribl’s future vision

After a smooth flight to Las Vegas and a check-in at the Venetian hotel, we were ready for our first conference day, CriblCon. 800 attendees got together to look at the latest and greatest of what Cribl has worked on and is launching soon.
Cribl's main product, Cribl Stream, is data pipeline software designed to route, shape, and manage log and event data from various sources to multiple destinations. Cribl Stream helps organizations handle large data volumes efficiently, optimize storage and processing costs, and gain insights from their log data by enabling flexible and scalable data routing and transformation. The day began with an inspiring keynote outlining Cribl's future vision. Throughout the day, several breakout sessions were organized to enhance customer value by sharing tips, tricks, and best practices for the product. The day concluded with a reception featuring networking, games, and drinks: a perfect end to a great first day!

We had the privilege of meeting a co-founder of Cribl to discuss their future roadmap. It was a valuable opportunity for us to share our top feature requests and provide input on their upcoming plans. Additionally, we arranged an innovation week at our office, which is an intensive five-day workshop with Cribl where new expansions to our technology stack are tested and evaluated.

 

Kicking off Splunk .conf: A day of insights and connections

From CriblCon we headed straight to the Splunk .conf registration desk and you could feel the buzz in the air as we picked up our badges on Monday evening. That meant easy access to breakfast on Tuesday before diving into the conference. With Las Vegas's scorching 42°C heat, a cool morning dip by the pool was the perfect way to start the day. Refreshed, we headed to the partner program keynote. Splunk provided updates on how the Cisco acquisition is shaping product roadmaps and what's been achieved since the official merger. The big screen featured several testimonials, including one from Davinsi Labs! The afternoon offered a session on managing multi-customer environments, followed by the .conf keynote address. To cap off a stimulating day, we joined the Splunk EMEA reception for a chance to connect with fellow attendees.

 

Splunk .conf day 2: Digital resilience and AI

The second day at .conf24 started with a keynote, this time with a more technical focus on the latest innovations and features of the Splunk portfolio. We were happy to hear that resilience emerged as one of the buzzwords of the keynote, alongside AI, of course. At Davinsi Labs, where we are dedicated to achieving digital resilience for our customers, we were thrilled to see Splunk prioritizing this critical aspect. The keynote also discussed how Splunk is integrating AI capabilities to enhance its products.

Following the keynote, we attended a series of in-depth sessions that covered a broad range of topics. These sessions provided valuable insights into managing data lakes, configuring heavy forwarders, and much more. Here are some of the key sessions we attended:

Sessions:

  • PLA1509B - Heavy Forwarders: How Heavy Art Thou
  • PLA1743B - Make the Most out of Your Data Lake Using the Latest Features in Federated Search for Amazon S3
  • OBS1558B - Control Your Data, Control Your Deployment: Learn How to Process Data and Automatically Discover New Data Sources with OpenTelemetry!
  • OBS1405C - Splunk IT Service Intelligence (ITSI) - The Latest and Greatest!

Announcements and innovations:

  • Splunk AI Assistant, because everything needs some Generative AI gravy on top, is now GA.
  • Splunk ES/SOAR/SAA will integrate tightly with Cisco Talos. This brings together 2 market leaders: Splunk, with its expertise in security intelligence products, and the Cisco Talos group, whose Threat Intelligence team will now feed into the Splunk Security portfolio.
  • Splunk Enterprise Security 8 was announced. The UI has been completely revamped and feels up-to-date due to the use of React. General Availability for ESS 8 is expected in the September time-frame. Also announced in ESS 8 is the integration with Cisco Hypershield, the new Distributed AI-driven (of course it is) EDR solution from Cisco.
  • Splunk SOAR 6.3 was also announced with native external user-prompting. This will allow playbooks to send prompts to end-users who don’t need access to Splunk SOAR, allowing for interactions between users and playbooks in a simple flow.
  • Completely new is Splunk Asset and Risk Intelligence. This new premium application will be able to bring in data from different sources (indexes, APIs, …) and build a unified view of an organizational IT landscape, providing proactive risk mitigation through continuous asset discovery and compliance monitoring. It can be run in a stand-alone way, but on top of that it can feed into the Asset & Risk Frameworks of Splunk Enterprise Security.

To wrap up the day, we headed to the “Splunk Happy Hour”, a perfect opportunity to discuss the topics of today with a refreshing drink. This also allowed us to network with our Belgian and Dutch colleagues and partners. The day ended on a high note with a visit to the Las Vegas Sphere.

 

Last day learnings: Digital Experience Monitoring, AIOps, and Open Frameworks

Getting up on the last day started to prove a challenge because of the long days and the immense jetlag one needs to handle. That being said, the day was packed again with sessions!

Some of the sessions we attended:

  • OBS1682B - Walk a Mile in Your Users' Digital Shoes: Crafting Seamless User Experience with Digital Experience Monitoring
  • OBS1330C - How a Global Energy Leader Monitors Its Critical Business Applications and Provides Visibility to the Business Teams Using AIOps
  • SEC1170C - OCSF: Open Frameworks for Organic Intelligences

In OBS1330C, for example, we saw how Engie (the big French power company) used Splunk Observability Cloud and ITSI to provide everyone within the company an overview of how well the IT environment is doing.

 

Did you know?

All of the .conf sessions (or certainly most of them) are available online at the Splunk.conf conference website. So you can just go check out the sessions we followed too! One of the things you’ll miss out on though are our great company and goodies 🙂

We closed off the day, and therefore .conf, with the “Search Party”. Food, drinks, games, people, … everything and everyone was there. Especially during the TLC performance, even the most serious Splunk folks became groupies.

Harsh reality on Friday morning when it was time to leave. We learned new things, got new inspiration, met new people, and asked a lot of questions.
The conferences were, in 1 word, amazing. Can’t wait to see what next year brings!