Are you having an issue on-boarding data with Splunk? Does your Splunk seem to underperform? Are you having trouble scaling? August Schell can walk you through these issues to help optimize your Splunk Environment.
What is reviewed during the Splunk Optimization Assessment?
Data On-Boarding
- Forwarded/Indexed using Splunk best practices
- Using forwarder management to configure Splunk Universal Forwarders
- Trouble with RegEx
- Data coming incorrectly
- Indexes, Host, Source, Source type, Timestamp
Indexes
- Where is data being stored? Move cold buckets to a separate drive?
- Optimize retention policies, max-size to customers needs
Field Extractions
- Check all useful fields extracted for searching and visualizations
Licensing
- Look into license usage, help with modification request
- Future forecasting
- Premium Apps
Access Controls
- User and Roles have correct permissions
Relevant Free Apps
- Free apps that can benefit your environment
Dashboards & Alerts
- Look through search queries and optimize where possible
Additional Services Offered
- New data on-boarding
- Splunk Enterprise Security support
- Building custom dashboards, reports and alerts
- Adding user authentication (i.e. LDAP, SAML) or multi-factor authentication
- Using Lookup tables
- Setup new apps
- Configuring distributed environment