Splunk .Conf25

It’s great news, we’ve been selected to talk at Splunk .Conf25 in Boston in September. At the time of this blog entry (April), that seems to be ages away but the race is now on to prepare.

Splunk .Conf25 is this years iteration of the annual Splunk Conference. This year is going to be hugely different in many diverse ways. First of all it is in Boston and not the usual Las Vegas (shame). Notably it’s not the first time it hasn’t been there. There have been other locations previously, but previous hosts Las Vegas and Orlando have never been ‘authentic’ American locations.

This is going to be the first ‘Fully’ Cisco based Splunk .Conf. In .Conf23 we all knew the buy out was happening, .Conf24 it was confirmed and now we have .Conf25 where the tag line really is ‘a Cisco company’.

Tickets and conference details are available direct from the Splunk Conf website

Splunk .Conf25

We submitted a number of talks to the original ‘Call for Speakers’ back in January. Whilst we’ve heard horror stories from others about all their talks being rejected, we’re proud that we’ve one talk already accepted and another on the reserve list for if space comes available.

PLA1125: The cost savings of migrating with Splunk Cloud

Our accepted talk is a technical session where we intend to show how we have successfully migrated numerous organisations to and from Splunk Cloud. We’ve taken some pretty bold approaches and learnt a lot in doing so, with our intention of sharing those lessons learnt with a wider audience. It also helps of course that in doing so we’ve saved some organisations some hefty chunks of cash.

In under six months we migrated a mature Splunk Enterprise Security instance both ways between On-Premise and Cloud and saved money. Cloud migrations can be simple, cost effective and align to business objectives, including retaining data portability and sovereignty. Federating searches improves resilience and keeps your in control of your data. We'll talk through our process, how we did our move the factors that you might want to consider ahead of your next license renewal.

SEC1041: Rule the Rules: Managing Splunk ES Content as Code with ContentCTL

This is something very close to our heart and something we would love to present more than the platform talk. This is our building on top of ContentCTL and ensuring that you can control all the rules and detections across multiple Splunk environments – as well as keeping Splunk ES 7 and ES 8 synchronised.

Managing Enterprise Security (ES) detections manually is messy and risky. What if you could track, test, and automate changes like code? This session explores ContentCTL, a tool that enables auditable, transparent, and testable ES content updates. Learn how to version detections, validate changes before deployment, and streamline rule management, ensuring your SOC operates efficiently with confidence and control.

What Next ?

We’ve already confirmed and accepted our space for the Platform talk. We hope that following the deadline for acceptance next week that there will be spaces come available and that we also get to do the Security Talk. If we don’t, then of course there might always be the clandestine ‘alt’ conference presentation to be held outside of .Conf where can share the talk with like minded individuals.

So with plane tickets booked, we’re now on the hunt for accommodation and armed with powerpoint and a GitHub account, it’s now time to start creating the content.