Browse the Community


What are the BOSS competitions? 

Played individually or in teams of up to four, Boss of Ops and Observability (BOO) and Boss of the Security Operations Center (BOTS) requires participants to pivot through realistic data sets using Splunk Enterprise and the entire Splunk product portfolio.

Who Should Play 

BOO and BOTS are the best place to see where you stand, understand how you can improve, and learn from Splunk experts. All are welcome whether you’re new to Splunk or a self-appointed expert! You’ll be able to spend time working through fun problems and network with a global audience of your peers. If you have the curiosity and desire you should play! There is something for everyone.



Boss of Ops and Observability (BOO)

Read more about the changes from BOTN to BOO in our blog post.

The Scenario

You and your team will assume the role of Ace, Splunk T-Shirt Co.’s Site Reliability Engineer and ultimate IT and Observability guru. You will need to monitor, triage, and remediate a variety of P1, P2, and P3 episodes (aka incidents and outages). You will deep dive into real-world datasets using Splunk's IT and Observability platforms, get back to your roots with some core Splunk search and maybe even need to utilize the interwebs just like in real-life.

As always, there are many paths to victory and time is of the essence. You and your team will need to solve as many episodes as you can while racing the clock, earning points, and having fun. 

More information can be found on this shareable BOO flyer



Boss of the SOC (BOTS)

The Scenario 

You will role play as the quirky Security Analyst “Alice Bluebird”, a security analyst at Frothly, a thriving home brewing supply company. Contestants will pivot through a brand new,  realistic dataset using Splunk’s analytics-driven security platform and the wild, wild web. All the while racing the clock ( and the globe) to identify the who, how, and where through a series of full forensic investigations. 



Which one should I attend?


Boss of Ops and O11y

Boss of the SOC

Solutions Area

IT Operations and Observability

Security, Compliance and Fraud

Contact Information



On Demand Workshops

On Demand workshops are an extension of our in person security and IT/Observability workshops. We have curated a subset of these workshops and include recorded presentations of the content, broken into sections which make it easier for users to consume. There are challenge questions and time to explore the data built into the workshops as well as walk throughs to help users arrive at the answers. Links to relevant supplemental material is provided as well.

Ladies and Gentlemen, it’s time to Splunk your engines with BOO On-Demand Episodes!  We’ve revved up the fun in these episodes that use the excitement of racing and esports with Splunk’s Data Drivers series providing our data set and face challenges inspired by our friends at McLaren and McLaren Shadow Esports.  You’ll jump in the driver’s seat and get your hands on with Splunk Enterprise Cloud, Splunk Observability Cloud and Splunk IT Service Intelligence across these three high-octane episodes.


Partner Experiences

BOTS just launched our first partner experience with Corelight. Partner experiences bridge workshops and competitions. In this case Corelight provided a short workshop introducing Corelight and their integration to Splunk as well as two on demand scenarios of their capture the flag game that includes both Zeek and Suricata data, all in Splunk. Users have over 40 questions with hints to experience Corelight data in Splunk within 3 hours.