Splunk Value Acceleration Program
Co-Managed Services for Splunk
Your Success, Our Priority
Supercharge your Splunk Experience with SP6
Co-Managed Services Focused on Your Business Objectives
At SP6, we’re all about helping you meet your unique organizational needs. Our Co-Managed Services are designed to laser-focus on your business objectives. This includes:
- Cybersecurity Expertise: We'll armor up your cybersecurity defenses, protecting your data like it's our own.
- Splunk Prowess: We're Splunk experts, and we're here to fine-tune your Splunk platform for peak performance.
- Tailored Solutions: One size doesn't fit all. We customize our services to your specific business objectives because your success is our success.
- An Extension of Your Team: Your goals are our goals! We've got a team of product and domain subject matter experts who are ready to dive in and get their hands dirty.
- Tangible Business Outcomes: We're not here to rack up billable hours. We're here to deliver results that make a real impact on your business.
Splunk has designated us as an Elite Partner.
Splunk-accredited engineers
Average Years of Industry Experience
Average Years of Splunk Expertise
Quarterly Planning
We map out business objectives specific to your needs, ensuring you’re always on track.
Knowledge Transfer
We’re all about sharing our expertise with your team.
Subject Matter Experts
We fill in the gaps where your team might need a little extra help.
Risk Reduction
No more panicking during staff turnovers; we’ve got you covered.
Cost Savings
We’ll help you cut down on operational and license costs.
Efficiency
Our alerting content and response processes save you time.
Let’s chat about how we can help your organization maximize the power of Splunk
What’s Included?
Base Services
SP6 provides a baseline of services for the Splunk platform. The purpose of base services is to ensure Splunk platform uptime, health, and functionality are maintained at the highest level. These include:
- Splunk Enterprise and app upgrades (to approved versions)
- Troubleshooting of issues within the Splunk environment, including silent log source monitoring
- Periodic Environment and Performance Review. A complete review of the environment to search for performance issues, invalid configurations, and data integrity. The review will be conducted with an eye toward the customer’s Splunk-related goals.
Specific items given focused review:
- Core configurations
- Internal warnings and errors
- Configuration management and apps installed
- Resource utilization
- Data sources
- Searches
- Data for completeness and parsing
- Estimates of Service Credit usage
Detailed Service Credit Utilization:
Beyond any specific business objectives outlined as top priorities in our discovery sessions, service credits can be applied in support of work that’s evolving your cybersecurity posture, improving your compliance adherence, advancing your deployment maturity, and elevating Splunk performance, health and observability.
- Deployment server management to distribute Splunk Universal Forwarder (UF) configurations
- Syslog servers that collect data from infrastructure systems (firewalls, IDS, UPS or any other syslog generating device)
- Splunk HTTP event collector (HEC) to ingest data from custom applications (Java, .NET, JavaScript, or other web apps)
- Splunk Stream to capture wire data and output raw or statistical information about the data
- Re-architecture of Syslog aggregation for Splunk or extensive modification to SP6 recommended Syslog configuration (configuring new storage, building for high availability, etc.)
- Expanding log source collection of existing data sources
- On-boarding of new data sources
- Custom script development (e.g., for data collection or integration to non-standard products)
- Development of custom scripts/Apps/TAs is evaluated on a case-by-case basis
- Mapping data sources to Splunk Common Information Model (for those not already mapped by Splunk add-ons)
- Splunk Enterprise and application upgrades (to approved versions)
- Creating and modifying roles and user group associations
- Modifying indexes and retention policy
- Installation and configuration of Splunk-certified applications and Technology Add-ons (TAs)
- Installation of non-certified Splunk apps and add-ons is evaluated on a case-by-case basis
- Re-architecture of authentication into Splunk (LDAP connection, SSO, etc.)
- Evaluate largest consumers of data ingest within the customer’s organization
- Perform log value audits (in conjunction with customer teams, evaluate logs and filter what is and is not necessary for security, compliance, and other stated use cases)
As a result:
- Reduce license usage on data sources by reviewing data and events that have high analytics value versus low value, or reducing duplicate logging
- Allow capacity to be repurposed for other necessary analytics use cases
- Full stack health checks & architecture reviews
- Platform performance tuning
- Troubleshooting issues within the Splunk environment, including silent log source monitoring
- Providing answers and expert guidance to questions about Splunk
Periodic review of:
- Errors/warnings reported by internal Splunk logs
- Log normalization (CIM); monitoring to ensure nothing has changed (e.g., CIM compliant logs have not changed in structure)
Note that SP6 will normalize net new logs or completely new data sources.
- Security operations detection maturity roadmap
- Develop rules to detect future intrusions
- Risk-based alerting implementation and maturity
- Research and deconstruct cyber-attacks into sequenced Indicators of Compromise (IOC) detectable through Splunk logs
- Conduct open-ended analysis of large data sets to find network activity baselines as well as abnormalities
- Test security detection effectiveness using attack simulation tools
- Review and assist in mapping rules to cyber kill chains and campaign strategies
- Managing knowledge objects
- Developing and tuning searches, reports, alerts, or correlation searches
- Developing a dashboard to include (4) panels
- Creating a drill-down from a dashboard
- Creating or modifying a macro, lookup, tag, or event type
- Creating a workflow action
- Configuration and development of search macros and automatic lookups
- Tuning correlation searches, reports, and alerts
- Custom field extractions and transformations for unstructured data sets
- Creating data models
- Creating custom dashboarding and reporting
- Monitoring maturity roadmap creation
- Service modeling roadmap creation
- Performing service decomposition workshops
- ServiceNow and Splunk On-Call integrations
- Splunk Observability Cloud (O11Y) cloud integrations
- KPI Base Search Creation
- Service KPI tuning
- Developing custom KPI threshold templates
- Building glass table dashboards
- ITSI entity creation
- ITSI team configurations
- ITSI service buildout
- Notable event aggregation policy creation and tuning
- ITSI upgrades
- ITSI health checks and remediation
- Content pack installation and configuration
- Data on-boarding (OTEL Collector, Splunk RUM, Splunk Synthetics, all of which bring in data in different ways)
- Custom synthetics script development
- Splunk On-Call configuration
Have Questions About SP6’s Splunk Co-Managed Services?
Obsessed with Customer Success
Average Customer Satisfaction Score
Completed Projects
We’re North America’s largest and most accomplished Splunk Service Delivery Partner
Splunk recognizes us as a Focus Partner for those SWAT-team situations
The Key Components of our Co-Managed Splunk Services
- Business Objectives: We define and track outcomes specific to your organization, ensuring progress toward your goals.
- Daily/Weekly Engagement: Our primary and secondary engineering resources work closely with your team, with regular communication to stay aligned.
- Service Cloud Portal: Your needs, including business objectives, are tracked through our portal for complete transparency.
- Quarterly Business Reviews: Formal sessions to review major work completed and ensure alignment with your business objectives.