Workflow ProducCvity in Splunk Enterprise

Copyright 2013 Splunk Inc. Workflow ProducCvity in Splunk Enterprise Carl Yestrau Sr. So<ware Engineer Cory Burke Sr. So<ware Engineer #splunkconf

Legal NoCces During the course of this presentacon, we may make forward- looking statements regarding future events or the expected performance of the company. We caucon you that such statements reflect our current expectacons and escmates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward- looking statements, please review our filings with the SEC. The forward- looking statements made in this presentacon are being made as of the Cme and date of its live presentacon. If reviewed a<er its live presentacon, this presentacon may not contain current or accurate informacon. We do not assume any obligacon to update any forward- looking statements we may make. In addicon, any informacon about our roadmap outlines our general product direccon and is subject to change at any Cme without nocce. It is for informaconal purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obligacon either to develop the features or funcconality described or to include any such feature or funcconality in a future release. Splunk, Splunk>, Splunk Storm, Listen to Your Data, SPL and The Engine for Machine Data are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respeccve owners. 2013 Splunk Inc. All rights reserved. 2

IntroducCon! Carl Yestrau Chief Architect/Principal So<ware Engineer Frontend team Joined Splunk in August 2007! Cory Burke So<ware Engineer Frontend team Joined Splunk in April 2012 3

Agenda! What s new in the search UI in Splunk Enterprise 6! DemonstraCons of new tools and workflows! Architecture required for the new UI! MigraCon! Q&A 4

What s New?! Ground up rewrite of the search UI! New and improved tools to facilitate searches! Search UI is now document aware 5

Splunk Enterprise 5 Dashboard Live 6

Search Landing Page! Streamlined experience compared to dashboard live! Data summary Tabs of important indexed data ê Hosts ê Sources ê Sourcetypes Provides a fast path to starcng your search 7

Demo 8

9

Reports: No More Viewstates 10

Demo 11

Permalinking! URL parameters q: the search query s: the id of the report (SavedSearch) sid: the id of the search job earliest: the earliest Cme for the search job latest: the latest Cme for the search job display.*: the display anributes 12

Permalinking! In Splunk Enterprise 6 all of these parameters can be in the URL concurrently This means you can achieve complex layer of display properces from each of the persistence stores Replacement for viewstates 13

Architecture! Architecture changes We have moved to the client side ê Performance ê Richer interaccon Open source framework for maintenance and stability ê Backbone.js framework ê Require.js packaging ê LESS CSS compilacon ê Bootstrap UI elements Embrace splunkd REST 14

The Browser Tier is created using the Backbone.js framework. HTML is created in the browser rather than passed from the splunkweb web server The Web Server Tier is now mainly a proxy to splunkd. It is scll used to create SimpleXML and legacy AdvancedXML views The Core Sever Tier is the REST API 15

MigraCon! Viewstates When a report (SavedSearch) has a viewstate key we transpose the viewstate found into display.* anributes When you save the report the migracon is final! FlashCmeline All links to flashcmeline will be redirected to the search page ê To re- enable the flashcmeline page you have to edit the view XML and remove the redirect anribute ê <view type="redirect" target="search"> 16

MigraCon! Full list of views that redirect to the new search page: dashboard_live.xml flashtimeline.xml report_builder_define_data.xml report_builder_display.xml report_builder_format_report.xml report_builder_print.xml! Advanced XML views will concnue to run using the module system 17

MigraCon! Local/data/ui/nav/default.xml is renamed to */ old_default.xml for the search app This is done to ensure/promote the new organizacon of the search page ê Alerts ê Reports ê Dashbpards ê Search ê Pivot This can be undone via renaming old_default.xml to default.xml and restarcng 18

MigraCon! applicacon.css no longer supported in the default search app Colors can be changed via nav.xml ê <nav search_view="search" color="#65a637"> App icon ê./search/static/appicon.png ê /search/static/appicon_2x.png App logo ê./search/static/applogo.png ê /search/static/applogo_2x.png! applicacon.js no longer supported in the default search app 19

Summary! Ground up rewrite of the Search UI! Lots of new and redesigned UI to facilitate bener searching! No more Viewstates! You can now create, save, and share Reports from the Search UI 20

YOU WANT THIS SEARCH UI!!!! Download it!!!! Go try it out at the demo booth! Check out the usability tescng sessions! Contact Carl: carl@splunk.com! Contact Cory: cburke@splunk.com 21

Next Steps 1 2 3 Download the.conf2013 Mobile App If not iphone, ipad or Android, use the Web App Take the survey & WIN A PASS FOR.CONF2014 Or one of these bags! Go to Making the Move from Advanced to Simple XML Room: Nolita 3, Level 4 Today, 3-4pm 22

Q & A 23