Co-Managed Services for Splunk

Your Success, Our Priority

Splunk 2023-2024 Partner of the Year Award Winner

Supercharge your Splunk Experience with SP6

Co-Managed Services Focused on Your Business Objectives

At SP6, we’re all about helping you meet your unique organizational needs. Our Co-Managed Services are designed to laser-focus on your business objectives. This includes:

Splunk has designated us as an Elite Partner.


Quarterly Planning
We map out business objectives specific to your needs, ensuring you’re always on track.
 

Knowledge Transfer
We’re all about sharing our expertise with your team.
 

Subject Matter Experts
We fill in the gaps where your team might need a little extra help.
 

Risk Reduction
No more panicking during staff turnovers; we’ve got you covered.
 

Cost Savings
We’ll help you cut down on operational and license costs.
 

Efficiency
Our alerting content and response processes save you time.
 

Let’s chat about how we can help your organization maximize the power of Splunk

What’s Included?

Base Services

SP6 provides a baseline of services for the Splunk platform. The purpose of base services is to ensure Splunk platform uptime, health, and functionality are maintained at the highest level. These include: 

  • Splunk Enterprise and app upgrades (to approved versions) 
  • Troubleshooting of issues within Splunk environment, including silent log source monitoring 
  • Periodic Environment and Performance Review. A complete review of the environment to search for performance issues, invalid configurations, and data integrity. The review will be conducted with an eye toward the customer’s Splunk-related goals.

Specific items given focused review: 

  • Core configurations 
  • Internal warnings and errors 
  • Configuration management and apps installed 
  • Resource utilization 
  • Data sources 
  • Searches 
  • Data for completeness and parsing 
  • Estimates of Service Credit usage

Detailed Service Credit Utilization:

Beyond any specific business objectives outlined as top priorities in our discovery sessions, service credits can be applied in support of work that’s evolving your cyber security posture, improving your compliance adherence, advancing your deployment maturity, and elevating Splunk performance, health and observability.

  • Deployment server management to distribute Splunk Universal Forwarder (UF) configurations 
  • Syslog servers that collect data from infrastructure systems (firewalls, IDS, UPS or any other syslog generating device) 
  • Splunk HTTP event collector (HEC) to ingest data from custom applications (Java, .NET, JavaScript, or other web apps) 
  • Splunk Stream to capture wire data and output raw or statistical information about the data 
  • Re-architecture of Syslog aggregation for Splunk or extensive modification to SP6 recommended Syslog configuration (configuring new storage, building for high availability, etc.) 
  • Expanding log source collection of existing data sources 
  • On-boarding of new data sources 
  • Custom script development (e.g., for data collection or integration to non-standard products) 
  • Development of custom scripts/Apps/TAs is evaluated on a case-by-case basis
  • Mapping data sources to Splunk Common Information Model (for those not already mapped by Splunk add-ons) 
  • Splunk Enterprise and application upgrades (to approved versions) 
  • Creating and modifying roles and user group associations 
  • Modifying indexes and retention policy 
  • Installation and configuration of Splunk-certified applications and Technology Add-ons (TAs)
  • Installation of non-certified Splunk apps and add-ons is evaluated on a case-by-case basis
  • Re-architecture of authentication into Splunk (LDAP connection, SSO, etc.) 
  • Evaluate largest consumers of data ingest within the customer’s organization 
  • Perform log value audits (in conjunction with customer teams, evaluate logs and filter what is and is not necessary for security, compliance, and other stated use cases) 

As a result: 

  • Reduce license usage on data sources, by reviewing data and events that have high analytics value versus low value, or reducing duplicate logging 
  • Allow capacity to be repurposed for other necessary analytics use cases 
  • Security operations detection maturity roadmap 
  • Develop custom content including alerts, dashboards and reports
  • Tune alerts to reduce the volume of false-positive alerts and provide higher-fidelity alerts
  • Risk-based alerting implementation and maturity 
  • Research and deconstruct cyber-attacks into sequenced Indicators of Compromise (IOC) detectable through Splunk logs 
  • Conduct open-ended analysis of large data sets to find network activity baselines as well as abnormalities 
  • Test security detection effectiveness using attack simulation tools 
  • Review and assist in mapping rules to cyber kill chains and campaign strategies 
  • Managing knowledge objects 
  • Developing and tuning searches, reports, alerts, or correlation searches 
  • Developing a dashboard to include (4) panels 
  • Creating a drill-down from a dashboard 
  • Creating or modifying a macro, lookup, tag, or event type 
  • Creating a workflow action 
  • Configuration and development of search macros and automatic lookups 
  • Tuning correlation searches, reports, and alerts 
  • Custom field extractions and transformations for unstructured data sets 
  • Creating data models 
  • Creating custom dashboarding and reporting 
  • Full stack health checks & architecture reviews 
  • Platform performance tuning 
  • Troubleshooting issues within Splunk environment, including silent log source monitoring 
  • Providing answers and expert guidance to questions about Splunk 
  • Periodic review of:
    Errors/warnings reported by internal Splunk logs 
    Log normalization (CIM); monitoring to ensure nothing has changed (e.g., CIM compliant logs have not changed in structure) 
    Note that SP6 will normalize net new logs or completely new data sources.

  • Monitoring maturity roadmap creation 
  • Service modeling roadmap creation 
  • Performing service decomposition workshops 
  • ServiceNow and Splunk On-Call integrations 
  • Splunk Observability Cloud (O11Y) cloud integrations 
  • KPI Base Search Creation 
  • Service KPI tuning 
  • Developing custom KPI threshold templates 
  • Building glass table dashboards 
  • ITSI entity creation 
  • ITSI team configurations 
  • ITSI service buildout 
  • Notable event aggregation policy creation and tuning 
  • ITSI upgrades 
  • ITSI health checks and remediation 
  • Content pack installation and configuration 
  • Data on-boarding (OTEL Collector, Splunk RUM, Splunk Synthetics, all of which bring in data in different ways) 
  • Custom synthetics script development 
  • Splunk On-Call configuration  

Have Questions About SP6’s Splunk Co-Managed Services?

Obsessed with Customer Success


We’re North America’s largest and most accomplished Splunk Service Delivery Partner

Splunk recognizes us as a Focus Partner for those SWAT-team situations

The Key Components of our Co-Managed Splunk Services

What Our Customers Are Saying

Our SP6 consultant exceeded my expectations in every way. He was friendly, professional, efficient, and knowledgeable. He explained in granular detail all the things that would help me later, and since he finished everything on the SOW by day 3, we had a good amount of time to bring in some additional data and build some useful custom dashboards for Splunk management.

[SP6 Engineer] was pivotal in the success of this engagement. From the beginning, we identified that this was going to be a difficult customer with huge demands. [SP6 Engineer] established that trusted relationship early on in the engagement and provided that intimate oversight that calmed the customer throughout the lifecycle of this engagement. He provided ongoing project updates and project status that kept everyone informed. His attention to detail in ensuring that all potential risks and/or obstacles were addressed and quickly resolved and remediated ensured a seamless engagement.

Learn more about how we can maximize the value of Splunk within your organization.