Get Started with Splunk Community

Get Started with Splunk Community

Download manual as PDF

Download topic as PDF

User groups

Splunk User Groups are comprised of Splunk users located within a common geographical location that want to learn and network with like-minded people who are passionate about what they do.

Goals of a User Group

The goal of a Splunk User Group is to create an authentic, open forum for users to share technical details of their use cases, stories, difficulties, successes, and generally enjoy like-minded company.

User groups are not sales channels for Splunk or anyone else participating in the group. They should be focused on content that appeals to the community.

Starting a User Group

From the user group website, search for a Splunk user group in your area. If one does not exist, the website displays two options:

  • You can request to start a user group in your area. The Splunk Community team will get in touch with you to confirm your interest and answer any questions you have before completing the process of setting up your new user group and installing you as the leader. Typically, Splunk tries to ensure that there's a critical mass of users in a given geographical area before starting a user group.
  • If you don't want to lead a new group, you can request to be notified when a user group starts in your area.

There are five main components of starting and hosting a successful Splunk User Group:

  • Members
  • Leaders
  • Venue
  • Content
  • Cadence

Members

User group members are a mix of Splunk users, power users, admins, architects, developers, and people who have never used Splunk at all that are interested in learning from one another's experience.

Attendees come from various industries ranging from IT, security, IoT, healthcare, finance, and beyond, bringing different perspectives that help foster discussion, growth, and exploration amongst the group.

Finding and Connecting with Members

  • Network with other users who are already big fans of Splunk to help you start the group. If you don't yet have that, or you don't yet know your local Splunk users well enough to know who you can partner with effectively to make this successful, it's fine to wait until you think it has a good chance of getting off the ground. You can also check with your local and regional account managers for ideas. Contact a member of the Community team (usergroups@splunk.com) if you need an introduction to an account manager.
  • Many Splunk user groups have their own channels on the Splunk Community Chat on Slack (splunk-usergroups) to stay connected with users in their local area. If you are not part of the splunk-usergroups Slack team yet, send a request through https://splk.it/slack.
  • There is also a private channel for user group leaders. After you are on Slack, a Splunk Community team member can add you to the channel to connect and learn from the ideas and best practices of user group leaders around the world.

Leaders

User group leaders are the face of the local Splunk community. Since user groups are for the user, by the user, it is a best practice to have a customer in a primary leadership position.

Leader Best Practices

Ideally, a user group has 2-3 leaders comprised of customers, Splunk Partners, and Splunk Sales Engineers.

1-3 Splunk Customers
Customers are the key to the Splunk community and work with the SE to plan meetings, secure venues, weigh in on content, and engage the community. They are the voice of the local Splunk User Community and the liaison to their local Splunk team.
When there are multiple customers on a leadership team, it works best if at least two are from different companies, as they provide different perspectives and are not busy with the same projects at the same time.
Splunk Partner
A partner essentially plays the same role as a customer, but ideally they should be on the leadership team in addition to a customer.
Splunk Sales Engineer (SE) or other Splunkers
A Splunk SE can be highly involved as a resource to the rest of the user group leadership. They provide Splunk support and technical product information and are welcome to co-plan/lead with the customer and partner leaders. Splunk employees are not required to start up a user group, but often they are happy to provide guidance and support.

Venue

Venues are spaces in which to hold User Group meetups.

Venue Best Practices

Things to consider when selecting a venue

  • Pick a location that is central or easily accessible to most of your members.
  • If there is a mix of users both in the city and in the suburbs, consider alternating between suburban and city locations for each meetup.
  • If a large city or geographical region is divided; for example- if people who work and live on the north generally don't travel to the south side of the city and vice-versa, or cross a certain highway for events, try alternating to different parts of the city to make the User Group accessible to all members. (Note: This is only if there are actually members/ customers in these different parts of the city or region. If one area of the city is only retail stores, for example, then this is not necessary.)
  • Get the details on parking, public transit, etc.
  • Make sure the venue is accessible to people of all abilities.

Suggestions for venue locations

Office Conference Room
Reserve a conference room where you work. This is typically the most affordable and consistent venue option for a User Group.
If you have multiple customer and partner leaders in your user group, you can take turns hosting the meetup to keep things interesting and for the convenience of members who are traveling from different areas of your city.
If nearly every user group meetup is in an office conference room, change it up a couple times per year to make it a little more exciting for the users. Host a User Group holiday party at a restaurant or pub, get the group together for a quick presentation at an event room at a movie theater then have seats reserved to watch the latest action movie afterward, or host a volunteer night at a nonprofit and either do a quick presentation then volunteer together at the organization, or skip content this time and host a SpunkForGood (volunteering) bonding experience.
Restaurant or Pub meeting room
Many restaurants and bars/pubs have private event spaces. Some things to ask the venue before booking:
* Do they have A/V capabilities? TVs or projector? Sound? WiFi? Get the full details.
* Is there a food and beverage minimum or fee to hold the space? If there is, your local SE may be able to help you out. If you can avoid a space that requires a credit card deposit or minimum, even better.

Content

User Group content should always be focused on current Splunk users. Technical topics and/or professional development are key.

Content Best Practices

  • Use a visual aid.
    • PowerPoint presentations work well to show examples and visually explain use cases, solutions, and issues. It's also the best way to show dashboards and visualizations.
    • Screenshots and images in PowerPoint are always a safer bet than relying on venue Wifi. Also bring your presentation on a USB drive and email it to yourself as backup.
    • White boards, etc are also helpful. Just make sure the venue has what you need available before your meetup.
  • Presentation material should last no longer than 30 minutes each. It's best practice to plan about 20-30 minutes of content and 10-20 minutes of interaction/ Q&A. Get the audience involved!
  • Plan no more than 3 content items per meetup. It's good practice to include a Spunk update from a local SE in the beginning, followed by a user presentation/ use case, round table discussion, or something else focused on the user and not presented by Splunk.
  • Some user group leaders record meetings or stream them on YouTube for those who were unable to attend.

Content and Activities – Suggestions and Ideas

Activities
SPL-ing Bee
BOTS
Splunk Jeopardy
Q&A panel with local Splunk tech services (PS/SE/etc) people mixed in with the experienced customers

Get in touch with other User Group leaders or the Community team for advice on how

Workshops
Let the group help resolve the "worst search" or an "inefficient architecture" scenario or other performance issues with real or obfuscated data. Workshops are especially great to do when a relevant expert is in town.
Sharing
Stream your meetings on YouTube so remote people can still attend.
Presentation Topics
Ideas
  • Survey the users. Ask them what they want to hear or talk about.
  • Onboarding users
  • Onboarding data
  • Splunking Minecraft
  • Creating an internal User Group or Center of Excellence within your organization.conf presentations
  • Crafting an excellent .conf presentation
  • What are all these .conf files?
  • What's the weirdest thing you've ever Splunked?
  • How do I keep my license volume down?
  • Hunting with PCAP data
  • Building an App
  • Splunk and Security Orchestration
  • Cloud (AWS) Security with Splunk
  • Splunk Deployment Best Practices
  • Splunk Security Best Practices
  • Favorite Use Cases & Special Searches
  • Creating Awesome Dashboards
  • Universal vs. Heavy Forwarders
  • Splunk Education & Development Paths
  • Splunk User Behavior Analytics (UBA)
  • Supporting Splunk at Scale
  • Splunking at Home (Visualizing Gmail Data)
  • RaspberryPi Arcade Demo (Splunk Enterprise + Splunk Metrics data collection)
  • Introduction to Enterprise Security


Swag and Expenses

You can expense food, drink, and swag for meetings. We ask that you try to spend no more than $15 per person per meeting. Please contact the Splunk Community Manager if you want to do something special or unusually expensive.

If you are a Splunk employee or contractor, use the expense category in Nexonia called Splunk User Group Reimbursement.

If you are a partner or a customer, contact the Splunk Community Manager for the expense form. Please keep your itemized receipt! Expenses are reimbursed by check within the US and by wire transfer outside the U.S.

If you are a customer who works closely with your SE on User Groups, you may be able to work with your SE to have them purchase food and beverage on their expense account while you use the $15/user for swag, or vice-versa.

Cadence

The cadence is the steady frequency at which a user group meets.

Cadence Best Practices

The minimum that any User Group should meet is quarterly, and many successful groups meet monthly or every other month. These monthly or bi-monthly meetups keep the User Group as top of mind for members, and if they have to miss one, they don't have to wait an entire quarter for the next one.

Having a consistent cadence is key. For example, the San Francisco group meets the first Wednesday of the month. This way, the members know what to expect, and can block time off on their calendars for future meetings.

Even if just a few members show up from time to time, don't cancel—it's a club, and people should be able to rely on the meeting happening.

Many User Groups hold a .conf-themed meetup after Splunk's annual .conf event. This way, the local SE or Splunker can share any new announcements or interesting technical presentations from .conf, which not every customer has a chance to attend. Even if this does not fall within the typical cadence, "extra" meetups such as these are valuable.


Tips for growing your group

Wait until the time is right. What happens with a lot of user groups (not necessarily Splunk) is that they get started without enough local support, and they have one or two meetings, and then *crickets*.

Attend other technical meetups and industry events and make connections. Share all User Group meetups on your professional social networks- LinkedIn, Twitter, etc. Post photos after the event- show your network what they've missed so they'll join next time.

Look for quality over quantity. If you have 5-10 people meeting regularly and truly sharing their Splunk triumphs and problems with each other, the group is a success.

PREVIOUS
Chat groups
  NEXT
SplunkTrust

This documentation applies to the following versions of Get Started with Splunk Community: 1.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters