Splunk Value Acceleration Program
Value Acceleration Program for Splunk
Your Success, Our Priority
Supercharge your Splunk Experience with SP6
Focused on Your Business Objectives
At SP6, we’re all about helping you meet your unique organizational needs. Our Value Acceleration Program for Splunk is designed to laser-focus on your business objectives. This includes:
Splunk has designated us as an Elite Partner.
Years of Industry Experience
We map out business objectives specific to your needs, ensuring you’re always on track.
We’re all about sharing our expertise with your team.
Subject Matter Experts
We fill in the gaps where your team might need a little extra help.
No more panicking during staff turnovers; we’ve got you covered.
We’ll help you cut down on operational and license costs.
Our alerting content and response processes save you time.
We’ve got a hotline to Splunk’s top dogs when situations call for it.
Let’s chat about how we can help your organization maximize the power of Splunk.
Obsessed with Customer Success
We’re North America’s largest and most accomplished Splunk Service Delivery Partner
Splunk recognizes us as a Focus Partner for
The Key Components of our Co-Managed Splunk Services
Leverage SP6’s Elite Splunk Partnership
Wondering what’s included? Here’s the breakdown:
SP6 provides a baseline of services for the Splunk platform. The purpose of base services is to ensure Splunk platform uptime, health, and functionality are maintained at the highest level. These include:
- Splunk Enterprise and app upgrades (to approved versions)
- Troubleshooting of issues within the Splunk environment, including silent log source monitoring
- Periodic Environment and Performance Review. A complete review of the environment to search for performance issues, invalid configurations and data integrity. The review will be conducted with an eye toward the customer's Splunk-related goals.
Specific items given focused review:
- Core configurations
- Search Head configurations
- Indexing strategy and core configurations
- Internal warnings and errors
- Configuration management and apps installed
- Resource utilization
- Data sources
- Data for completeness and parsing
- Estimates of Service Credit usage
Detailed Service Credit Utilization:
Beyond any specific business objectives outlined as top priorities in our discovery sessions, service credits can be applied to work that evolves your cybersecurity posture, improves your compliance adherence, advances your deployment maturity, and elevates Splunk performance, health and observability.
- Deployment Server management to distribute Splunk Universal Forwarder (UF) configurations
- Syslog servers that collect data from infrastructure systems (firewalls, IDS, UPS or any other syslog generating device)
- Splunk Stream to capture wire data and output raw or statistical information about the data.
- Re-architecture of Syslog aggregation for Splunk or extensive modification to SP6 recommended Syslog configuration (configuring new storage, building for high availability, etc.)
- Expanding log source collection of existing data sources
- On-boarding of new data sources
- Custom script development (e.g., for data collection or integration to non-standard products)
- Development of custom scripts/Apps/TAs is evaluated on a case-by-case basis
- Mapping data sources to Splunk Common Information Model (for those not already mapped by Splunk add-ons)
- Splunk Enterprise and application upgrades (to approved versions)
- Creating and modifying roles and user group associations
- Modifying indexes and retention policy
- Installation and configuration of Splunk certified applications and Technology Add-ons (TAs)
- Installation of non-certified Splunk apps and add-ons is evaluated on a case-by-case basis
- Re-architecture of authentication into Splunk (LDAP connection, SSO, etc.)
- Evaluate largest consumers of data ingest within the customer’s organization
- Perform log value audits (in conjunction with customer teams, evaluate logs and filter what is and is not necessary for security, compliance, and other stated use cases)
As a result:
- Reduce license usage on data sources by reviewing data and events that have high analytics value versus low value, or reducing duplicate logging
- Allow capacity to be repurposed for other necessary analytics use cases
- Full stack health checks & architecture reviews
- Platform performance tuning
- Troubleshooting issues within the Splunk environment, including silent log source monitoring
- Providing answers and expert guidance to questions about Splunk
Periodic review of:
- Errors/warnings reported by internal Splunk logs
- Log normalization (CIM); monitoring to ensure nothing has changed (e.g., CIM-compliant logs have not changed in structure)
Note that SP6 will normalize net new logs or completely new data sources.
- Security operations detection maturity roadmap
- Develop rules to detect future intrusions
- Risk-based alerting implementation and maturity
- Research and deconstruct cyber-attacks into sequenced Indicators of Compromise (IOC) detectable through Splunk logs
- Conduct open-ended analysis of large data sets to find network activity baselines as well as abnormalities
- Test security detection effectiveness using attack simulation tools
- Review and assist in mapping rules to cyber kill chains and campaign strategies
- Managing knowledge objects
- Developing and tuning searches, reports, alerts, or correlation searches
- Developing a dashboard to include (4) panels
- Creating a drill-down from a dashboard
- Creating or modifying a macro, lookup, tag, or event type
- Creating a workflow action
- Configuration and development of search macros and automatic lookups
- Tuning correlation searches, reports, and alerts
- Custom field extractions and transformations for unstructured data sets
- Creating data models
- Creating custom dashboarding and reporting
- Monitoring maturity roadmap creation
- Service modeling roadmap creation
- Performing service decomposition workshops
- ServiceNow and Splunk On-Call integrations
- Splunk Observability Cloud (O11Y) cloud integrations
- KPI Base Search Creation
- Service KPI tuning
- Developing custom KPI threshold templates
- Building glass table dashboards
- ITSI entity creation
- ITSI team configurations
- ITSI service buildout
- Notable Event aggregation policy creation and tuning
- ITSI upgrades
- ITSI health checks and remediation
- Content pack installation and configuration
- Data on-boarding (OTEL Collector, Splunk RUM, Splunk Synthetics, all of which bring in data in different ways)
- Custom synthetics script development
- Splunk On-Call configuration