This year at Splunk’s annual conference, .conf2014, I was able to speak on Splunk User Groups. The name of the talk was “How to Make New Friends (and Advance Your Career) by Starting Your Own Splunk User Group”. I enjoyed giving the talk. I have since been able to talk to other Splunk User Group leaders and people wanting to start their own User Group.
Below are the updated slides to the talk I gave.
Our group has around 100 people on the mailing list and averages around 15 per meeting. We have had a high of 34 people. We typically meet every other month. Since I cover the eastern part of Nebraska, I alternate between Lincoln and Omaha for each meeting. Lincoln and Omaha are about an hour's drive from each other, and some people don't want to make the drive. Alternating gives everyone a chance to get to a meeting. Below is a typical meeting:
6:00 pm – Say hello and suggest everyone get some food and something to drink
6:15 pm – Start the meeting with a quick hello, where the bathrooms are, safety items (if needed), and go over what we are planning for the day.
6:25 pm – Introduce the company that is hosting the event. Give a quick thanks to them and invite someone from their group to show off how they use Splunk. This gives them a chance to brag about their Splunk use case and lets everyone attending hear a different way Splunk is being used or see a cool new dashboard. People are then encouraged to ask questions either about how they did something or about the company.
6:55 pm – Thank the speaker, invite people to take a minute to refill their drinks, get more food, or use the facilities.
7:00 pm – Introduce the featured speaker for the night. This could be a Splunk employee in person or via WebEx, one of our Splunk partners, or myself showing or teaching something. Some examples: I showed installing Splunk on a fresh Linux install, Jeff Blake showed building your first dashboard, Bert Hayes showed capturing tshark data into Splunk to catch a hacker, and over WebEx we got a demo of Splunk Cloud. This is the main focus of the meeting. We want to teach our group more Splunk so they go back excited.
7:45 pm – Ask for general questions or ideas for the next meeting.
7:50 pm – General Networking
All of the times listed there are floating. If there are a lot of questions during the host company's talk, we slide things down. We try to reserve the meeting spaces we get until 9:00 pm so there is plenty of time to network or ask questions. As far as food, we normally get pizza. It is easy and quick. We have had events where it was self-serve buffet style. We normally have a mix of soda/pop and beer for drinks. Alcohol depends on the host company's willingness to allow it.
For getting the message out about your meeting, Rachel Perkins is great about helping get the food, drinks, and venue paid for (if needed). To get your event listed on the Splunk “Where We’ll Be Next” page, email email@example.com and they will take care of it. Most people have been using MeetUp (http://www.meetup.com/splunk/) to do the sign up for the meeting. This will help you get an idea for the number of people that might show up to the event. A lot of the model for our group is a combination of hacker user groups I have attended in the past. It has been very helpful that Continuum (http://www.cwcsecurity.com/), our local Splunk partner, has been so giving. They help promote it and get their customers to the group. Not having a Splunk employee in Nebraska, we have had to get creative.
This search shows how much of your license each host used. It is helpful for finding which system is eating away at your license. I have used this before when we went over our daily license limit to find the system generating the extra data.
index=_internal source=*license_usage.log type=Usage | stats sum(b) as bytes by h | eval MBytes=bytes/1024/1024 | eval GBytes=bytes/1024/1024/1024 | addcoltotals | fillnull value="Total" h | table h,bytes,MBytes,GBytes | sort -GBytes
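A variation on the search above, added here as an example and not part of the original post: it compares each host's usage so far today against that host's own daily average over the previous seven days, so the system that suddenly started sending extra data sorts to the top. The 7-day window and the output field names (today_GB, baseline_avg_GB, delta_GB) are choices made for this example.

```spl
index=_internal source=*license_usage.log type=Usage earliest=-7d@d latest=now
| bin _time span=1d
| stats sum(b) as bytes by _time, h
| eval day=if(_time >= relative_time(now(), "@d"), "today", "baseline")
| stats sum(eval(if(day="today", bytes, 0))) as today_bytes
        avg(eval(if(day="baseline", bytes, null()))) as baseline_avg_bytes
        by h
| eval today_GB=round(today_bytes/1024/1024/1024, 3)
| eval baseline_avg_GB=round(coalesce(baseline_avg_bytes, 0)/1024/1024/1024, 3)
| eval delta_GB=round(today_GB - baseline_avg_GB, 3)
| sort -delta_GB
| table h, today_GB, baseline_avg_GB, delta_GB
```

The baseline average only counts days on which a host reported usage, and a host with no earlier data shows a baseline of 0, so a newly added system appears as a pure increase.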
Our provider, urpad.net, has suffered a massive outage. We have stood up a new site on our new provider, bluevm.com, and are working to restore the data. We hope to get all our old posts and themes back.