Get Started with Splunk Community


User groups

Splunk user groups are made up of people in the same geographical area who want to learn and network with like-minded people who are passionate about what they do. Splunk user groups are great for learning about all things Splunk in your local region.

About Splunk user group members

User group members are a mix of Splunk users, power users, admins, architects, developers, and people who have never used Splunk at all but are interested in learning from others’ experience. Attendees come from industries including IT, security, IoT, healthcare, finance, and beyond, bringing different perspectives that help foster discussion, growth, and exploration within the group.

Splunk user group goals and policies

The goal of a Splunk user group program is to create an authentic, ongoing user group experience for our customers, partners, and employees.

At Splunk user group meetings, our existing customers talk to each other and share the technical details of their use cases, stories, difficulties, and successes. This creates a trust relationship. A user group should have significant customer and user leadership. It is helpful to have Splunk tech services staff or partners help kick things off and remain involved. However, the content at the meetings should be largely customer-driven and should reflect what you, our users, are asking for.

User groups are not sales channels for Splunk or anyone else participating in the group. User groups are aimed at enabling and engaging our existing users. Sales pitches, either from Splunk or from partners, should be kept to an absolute minimum.

The benefit to user group members is sharing experiences and learning about new ways to use Splunk products.

Find a Splunk user group

  1. Go to to find a user group in your area.
  2. Click the Learn More link to see information about the group, such as upcoming events, and when and where the group meets.
  3. Click Join This Group.

Start a Splunk user group

From the user group website, search for a Splunk user group in your area. If one does not exist, the website displays several options.

  • You can request to start a user group in your area. The Splunk Community team will get in touch with you to confirm your interest and answer any questions you have before completing the process of setting up your new user group and installing you as the leader. Typically Splunk tries to ensure that there's a critical mass of users in a given geographical area before starting a user group.
  • If you don't want to lead a new group, you can request to be notified when a user group starts in your area.

Lead a Splunk user group

Whenever possible, Splunk prefers that customers and partners lead user groups. Each group determines its own meeting schedule, topics, and meeting structure. However, Splunkers in local regions and the Splunk Community Manager can help to get guest speakers.

Expectations of user group leaders

  • Recruit other users to attend. This isn’t difficult. The user groups sell themselves. Get the word out. You can also contact your account rep or partner channel manager to ask for help.
  • Schedule regular meetings and find a venue.
  • Gather ideas from the community for speakers and topics.
  • Moderate content (in meetings and online) to ensure that the group members observe the policies and guidelines.


User groups site

Check out the User Groups website to find a user group. Some people are using and LinkedIn, as well as a couple of private, user-made websites to run their Splunk user groups. We encourage folks to migrate to the new site so we can serve the user groups better, but it’ll take some time before we are all under one virtual roof.

Chat rooms

Many Splunk user groups have their own channels on the Splunk Community Chat on Slack (splunk-usergroups) to stay connected with users in their local area. If you are not part of the splunk-usergroups Slack team yet, you can send a request through

There is also a private channel for user group leaders. After you are on Slack, a Splunk Community team member can add you to the channel to connect and learn from the ideas and best practices of user group leaders around the world.

Tips and logistics

Tips for hosting your group meetings

  • If you are able to host at your office, that’s great! Some of our larger customers love to do this because they essentially get cross-training and support for their Splunk users just for the cost of hosting the event in a conference room after-hours at their site.
  • If you don't have access to a conference room or similar space at your office or at the offices of another customer, Splunk User Group meetings can work well at a pub or restaurant that has a private room.
  • When sending the meeting details, make it clear where attendees need to enter, park, etc.
  • Host the meeting in a central location that is easily accessible to participants. Try to alternate between several venues.
  • Have a table set up near the entrance of the room for registration and greetings.

Tips for growing your group

  • Wait until the time is right. What happens with a lot of user groups (not necessarily Splunk ones) is that they get started without enough local support, and they have one or two meetings, and then *crickets*.
  • Network with other users who are already big fans of Splunk to help you start the group. If you don't yet have that, or you don't yet know your local Splunk users well enough to know who you can partner with effectively to make this successful, it's fine to wait until you think it has a good chance of getting off the ground. You can also check with your local and regional account managers for ideas. Contact a member of the Community team if you need an introduction to an account manager.
  • Meet at a regular cadence, preferably once every month or two on the same day of the month. For example, the San Francisco group meets the first Wednesday of the month. This way, the members know what to expect, and can block time off on their calendars for future meetings. Once a quarter is fine, but once a month is better. Even if just a few folks show up sometimes, don't cancel—it's a club, and people should be able to rely on the meeting happening.
  • Look for quality over quantity. If you have 5-10 people meeting regularly and truly sharing their Splunk triumphs and problems with each other, the group is a success.

Suggestions for engagement and activities


  • Make sure your attendees introduce themselves at the beginning of each meeting. Have new folks talk a little bit about how they got into using Splunk products.
  • SPL-ing Bee
  • BOTS
  • Splunk Jeopardy
  • Q&A panel with local Splunk tech services (PS/SE/etc.) people mixed in with the experienced customers
  • Let the group help resolve the “worst search” or an “inefficient architecture” scenario or other performance issues with real or obfuscated data. Workshops are especially great to do when a relevant expert is in town.
  • Schwag is never a bad idea—randomly recognize someone local or new whose Splunk Answers karma score went up a lot in a given month, new members of the user group, or promotions.
  • Stream your meetings on YouTube so remote people can still attend.

Presentations from User Group Leaders

  • Survey the users. Ask them what they want to hear or talk about.
  • Onboarding users
  • Onboarding data
    • Splunking Minecraft
  • Creating an internal User Group or Center of Excellence within your organization
  • .conf presentations
  • Crafting an excellent .conf presentation
  • What are all these .conf files?
  • What's the weirdest thing you've ever splunked?
  • How do I keep my license volume down?
  • Hunting with PCAP data
  • Building an App
  • Splunk and Security Orchestration
  • Cloud (AWS) Security with Splunk
  • Splunk Deployment Best Practices
  • Splunk Security Best Practices
  • Favourite Use Cases & Special Searches
  • Creating Awesome Dashboards
  • Universal vs. Heavy Forwarders
  • Splunk Education & Development Paths
  • Splunk User Behaviour Analytics (UBA)
  • Supporting Splunk at Scale
  • Splunking at Home (Visualizing Gmail Data)
  • Introduction to Enterprise Security

Expenses and reimbursement

You can expense food, drink, and schwag for meetings. We ask that you try to spend no more than $10 per person per meeting, but we're flexible. Please contact the Splunk Community Manager if you want to do something special or unusually expensive.

If you are a Splunk employee or contractor, use the expense category in Nexonia and OpenAir called Splunk User Group Reimbursement.

If you are a partner or a customer, contact the Splunk Community Manager for the expense form. Please keep your itemized receipt! Expenses are reimbursed by check within the U.S. and by wire transfer outside the U.S.

This documentation applies to the following versions of Get Started with Splunk Community: 1.0
