Not sure what our Splunk packages are all about?
Even the most mature of Splunk users welcome the assurance of knowing they can turn to the experts when they need to.
Apto assurance packages are designed to provide you with piece of mind that help is there when you need it, with none of the restrictions of a typical support contract.
Our straightforward packages can provide in hours support to your Splunk deployment, meaning that your Splunk engineers don’t get distracted from their key operational roles.
Our packages are also perfect if you want to do the majority of the Splunk work yourself, but want Splunk core certified consultants to provide help and advice, tips and tricks along the way. We can tailor a package to provide whatever level of assurance you want.
What to Expect
Our Support packages are flexible in duration from 6 months term. Our team of Splunk experts will be on hand to handle queries and provide guidance
The scope of our assurance can cover all aspects of Splunk and ensuring project success. Activities include;
Setting up your project for success
Support the initial kick off tasks. Review the scope of the project, ensure stakeholders are clearly mapped and constraints understood. Ensure required benefits and outcomes and intention of project are understood and documented. Ensure a glossary of terms defined, that key risks and issues are reviewed. Help identify opportunities for the project to add additional value
Ensure that roles and responsibilities and levels of authority have been agreed and documented. Ensure a technical governance processes has been agreed. Ensure that good reporting and control processes are in place
Make sure current data sources are ingesting correctly. Ensure events are line breaking correctly and are truncated and timestamped correctly. Provide guidance and support to fix them if they are not correct. Help ensure that the required remaining data sources are ingested. Provide guidance to installing TA’s and assistance/guidance in building custom TA’s if required
Review to make sure data sources have the CIM fields that they need mapped out. This is often done by TA’s for well-known source types so it is important to ensure that TA’s are installed and working correctly. There can often be issues with this.
Providing review and guidance to make sure identity tables are following best practices and that the processes are in place to update it.
Similar to entity but for physical devices. Ensure there is a defined priority. Ensure this is set up correctly and can be updated. Advise around keeping it up to date.
Initial Use Cases
Provide guidance and review around optimising and ensuring that searches are quick and don’t provide too many false positives. Ensure that use cases are written efficiently.
If use cases are ‘out the box’ then if CIM mapping is correct there should be little issue or guidance required. Review that the right data has gone into the data model
If existing Apps are written following best practice then this is a case of ensuring configuration is updated correctly. If current apps are not following best practice then more oversight is required. We can ensure that the config is done properly and identify any risks / issues associated with migrating them. We can provide support to help with migration if required – editing indexing config etc.
Look at notable events and ensure there’s not too much noise in the data and that the events being managed are meaningful, and operators are not bombarded with low priority events.
Use Case Factory & Alerts
Make sure there is a process in place to write new use cases. This should include a best practice approach and continuous improvement. Help to review use cases.
Enable Effective Management and Triage
Ensuring that users know how to triage incidents and understand the Splunk framework for incidents and associated risks
Training and Knowledge Retention
Making sure that for any work which is done, the customer watches and understands what is being done and why it is being done to ensure that they can do it themselves in the future.
Flexible pricing options are available, based on a flat fee or per incident. We can build a package which meets your needs, depending on how you use Splunk and the details of your deployment
Call us today to find out more about how we can support you in your Splunk journey
call us on +44(0)845 226 3351 or send us an email…