Observations from a Splunk Consultant - Why you should have a Professional give your Splunk a check-up.
15/03/19 – Author: Martyn O’Connor MBE – Certified Splunk Consultant
Splunk is a fantastic product, but there is one feature going against it that can sometimes trip people up – it’s so intuitive and easy to get to grips with that users can just jump in and use it without much understanding of how it works under the hood. This can often lead users into a false sense of confidence about how their environment is functioning. As a Splunk Professional Services Consultant, I’ve many times witnessed cases where a customer has been very happy with their Splunk environment, but hadn’t realised that, through not knowing important principles about how Splunk works, they were actually using Splunk in a way that hindered its overall health.
At Somerford we offer a variety of health check services for Splunk, and here are some top reasons why you should consider one:
Efficiency boosts in searching, dashboarding, and alerting
The Splunk search language – known as SPL – is relatively intuitive, so it’s very easy for users to start crafting searches that power dashboards, reports and alerts. However, as the old adage goes, there is more than one way to skin a cat. When it comes to Splunk, there’s more than one way to power a dashboard and often the most efficient way is not the easiest. In my experience, I’ve seen many a user whose search works, but it’s slow and inefficient. This means they have to wait longer, they use more CPU, more RAM and put a greater overall load on the system. Slower performance means less timely insight into their data and poor user experience. Professional Services Consultants are trained to focus in on finding the greatest efficiency in searches and can review all of your searches to deliver a faster overall user experience.
Splunk can exist as an all-in-one environment on a single server, or it can scale to thousands of separate indexers, search heads, and forwarders spread across the globe. How exactly it scales depends on the customer’s needs. Professional Services Consultants can examine your use cases and your requirements with regard to Disaster Recovery and High Availability and can recommend the best fit for your business. In cases where you need help with implementation, they can also get you from where you are now to where your business needs to be. As part of this review, they can also look at what data sources you are onboarding and how they map against the questions your business needs the data to answer. Perhaps you are onboarding data that is of no business use? Or perhaps you have a data source you’re not onboarding that can provide the answers to critical business questions? Let the experts guide you to get the most business value out of your Splunk.
Security and Legal Compliance
In the wake of GDPR, the threat of huge fines for companies if they fail to live up to the requirements placed upon them is a significant one. I’ve seen many companies rush to tick the boxes when it comes to their security by simply buying a solution and pointing to it as their “due diligence” when it comes to security. It is, however, in many ways a false economy. Simply buying a solution but not actively using it to get real insight is not a meaningful approach to security. With a health check, our CISSP-certified Splunk Professional Services Consultants can review what security monitoring you have at present, and recommend solutions which provide you with a robust and proactive security monitoring system.
Greater security of your Splunk instance’s data and the insider threat
By the nature of the product, Splunk serves as a data aggregation tool, which means a lot of your company’s potentially sensitive information can be held in one place, accessible by one tool. How confident are you that you’re controlling access to that data properly? Are users able to see more data than they need to in order to do their job? What would happen if someone exported a large volume of that data for nefarious purposes? How would you even know if they had? Our Splunk Professional Services Consultants can advise you on ways to lock down access to Splunk, and compartmentalise information to ensure that users only see what they need to, in order to help you achieve confidence that your business is compliant with data protection regulations.
Gain Deeper Insights and see the future
You may be using Splunk for monitoring purposes, with dashboards that tell you enough about what you want to know, but what if they could give you a much deeper insight? What if you could not only know how your servers have been performing historically, but also receive warnings ahead of time before a server falls over? This would allow you to get an engineer on site before a server fails, or to spin up a standby before that failure had an impact on your business. Splunk Professional Services Consultants can review your dashboards, reports, and alerts and use Splunk’s inbuilt predictive functions to project your data forward in time and give you insight into not just what has happened, but what may happen. For detailed health monitoring of your IT and services infrastructure, our consultants can also provide advice and guidance on Splunk ITSI.
Are you making the most of your Splunk instance?
Splunk is a super useful tool for gaining insight into your data, and business value from it. Some of my favourite examples of using data to get real-world value include the Gatwick Airport story, because who likes waiting in queues to get through security, and the Deutsche Bahn story about real-time monitoring of their fleet. These are two great examples of how Splunk can make huge changes for the better to the way a business operates. In both cases, the organisations already had the data they needed; they just needed to put it to work. If you’re already using Splunk, can you be sure you’re making the most out of your investment? Somerford works daily with its customers and with Splunk to help businesses get more value out of their data, and to be more competitive, more efficient, more secure, and more profitable. If you already have Splunk, we can help you identify ways to gain more business value from it. If you’re thinking about using Splunk, let us help you identify the best way to tailor it to your business needs. Somerford likes to work in partnership with our customers, taking the journey with them towards the solution, rather than viewing the relationship as purely transactional. Your success is our success.