Pharmaceutical Case Study

How a global Pharmaceutical Company expanded their use of Splunk and reduced expenditure.

Customer Profile

A global pharmaceutical company were looking to migrate their Security Operations centre running Splunk Enterprise Security whilst expanding their use of the Splunk platform and sustaining their future data analytic requirements. All at the same time as consolidating their technologies and reducing their overall expenditure.

Technology Products


The easiest way to aggregate and get IT, Security, IoT and business answers from your Machine Data at a massive scale and speed to give you true insights.

Enterprise Security

Gain end-to-end visibility into your security posture with actionable intelligence that helps you prioritise and act fast.


Performance issues, software out of date, system stability, complex migration from 2 Search Heads to dual search head clusters. New use cases requested across the business, meeting the demands of varied data owners and requirements.


New rollout of a global Splunk environment consisting of 2 multi-site indexer clusters, 2 search head clusters, global deployment server architecture, load balancing for Splunk Stream and collected data source collection, heavy forwarders and cloud data sources. Data sources consisted of the following:

Cloud based data sources

AWS, Azure

On prem infrastructure

Windows, Linux, UNIX

Security Tools

Custom Applications

Database data

Network Data

Physical Hardware

A parallel implementation, building two new multi-site indexer clusters across the globe, with two search head clusters, one for ES and one for Service and Infrastructure monitoring. Then onboarding over 50 different data sources, whilst also maintaining the live environment prior to migrating to the new environment within extreme time pressures.

Why Somerford?

Somerford was able to orchestrate and deploy multiple consultants to run different pipelines of work in parallel to meet the time pressures, whilst our in-house project management team were able to maintain strong forward momentum and a high level of communication within the team to accurately track all tasks and outstanding actions.

The complexity of the tasks and the requirement for no downtime to critical security operations meant the migration and handling of the migration process was not trivial. Running items in parallel, meant the split firing of data was required to maintain security data into the old system whilst onboarding new data sources into the new environment before the full migration was completed. Additionally, the migration was designed in a way that completed an upgrade of the platform, merging and consolidation of configuration, removing any erroneous and damaging config, upgrading the environment and planning for a new index design.

Get the same for your business

Schedule a call with one of our certified engineers and pre sales team. Or drop us a line if you have any questions.

Scroll to Top


Experienced Project Management and Professional Services team
We have a team of over 15 certified consultants in Splunk and all of our products we deliver.

An online questionnaire designed to gain an understanding of your current Cloud Strategy.

Our Project Managers are responsible for the full life cycle of our projects.

Solutions Team

Learn more about our industry leading solutions and delivery team.