Author Andy Gibbs - Security Consultant
Somerford Associates has assisted hundreds of organisations across the UK to achieve a successful implementation of Splunk, helping to integrate their tooling into the heart of our customers’ businesses to provide effective management of their IT services. Sadly, we’ve also been called upon to help out some organisations who were struggling to realise the benefits they were anticipating from Splunk. So what are the keys to a successful implementation and what are some of the pitfalls? I’d like to share some tips based upon our experiences (good and bad) from working with our customer base.
The ‘holy trinity’ - people, process and technology
Just Starting Out?
If you are in the earlier stages of implementation, take care to understand your business, service and IT priorities and focus on addressing these first. It is easy to get swept away with the functionally rich features Splunk has to offer, especially for the technically-minded. That's not to say you shouldn't explore the extensive capabilities of Splunk - but there's a time and place for experimentation. Assess your security and operational risks and opportunities, and use these to prioritise activities that will yield the biggest benefits early on. Keep your initial reports and dashboards simple and make any refinements once you've proven they work. Always avoid using your live production environment for trying out new features or testing new reports - build a sandpit for the 'techies' and actively encourage them to try out new features and functions there. Keep your stakeholders informed of progress regularly and demonstrate successes as they happen.
There's a high chance you'll have had to justify your investment in Splunk based on business benefit, and often competing with other large scale IT or security projects for a slice of a restricted budget. So having gained the funding, it's important that you can show the investment decision was sound by demonstrating that the intended benefits are actually being delivered. Here's some thoughts;
This list shows just some of the ways Splunk can be integrated into your operational and business planning environments to help better manage your organisation.
If you need help getting the best from your Splunk implementation, contact Somerford Associates (Splunk Elite Partners) who have expertise in this area. We can assist with: