Converging Data

Splunk Cloud for Enterprise Logging, Analytics & Cyber Security

Splunk is the easy, fast and secure way to search, analyze and visualize the machine data generated by your IT systems and technology infrastructure—physical, virtual and in the cloud. Use Splunk Cloud and Enterprise in any combination and always have a unified view, and the same set of features.

Features

  • Cloud, hybrid or enterprise Deployment
  • Delivers Real-Time analytics - Dashboards, Reports & Alerts
  • Collect and Index machine data from any location
  • Over 1000 custom apps from the Splunk Partner community
  • Specialist applications for Digital Health
  • Provides conformance, compliance and control over your data
  • Enterprise scalability, flexibility and performance
  • Splunk Enterprise Security SIEM Platform
  • Security Information and Event Management - SIEM Platform
  • Granular Access and Audit Controls

Benefits

  • Delivers real-time visibility of the service user experience
  • Troubleshoot performance or security incidents in minutes, not hours.
  • Collect and index any machine data from virtually any source.
  • Delivers the scalability, reliability and functionality you need
  • Find the relationships within your data.
  • Effective management of Cyber Security Incidents.
  • Deliver IOT solutions to manage processes and track equipment
  • Use visualisations of real-time data to empower decision makers
  • Use the dashboards to continually monitor events, conditions or KPIs.
  • Provides secure data handling, access controls, auditability and assurance.

Pricing

£890 per gigabyte per year

Service documents

Framework

G-Cloud 11

Service ID

226991870164273

Contact

Converging Data

Neil Murphy

+44 113 4510 100

neil.murphy@convergingdata.com

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
We supply Splunk Cloud & Enterprise, and provide add-ons and extensions to support HL7 integration in healthcare, RFID and location services tracking. We deliver Splunk Enterprise Security, Phantom and ITSI. Our IOT projects integrate a range of third party vendor solutions.
Our Splunk Consultants provide design and delivery support.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Splunk provides a 100% uptime SLA for Splunk Cloud. Customers receive service credits in the event of SLA failures, as set forth in the current SLA schedule. As Splunk Cloud is offered uniformly across all customers, the SLA cannot be modified on a customer-by-customer basis.
System requirements
  • Client access to Splunk Cloud services is via the browser.
  • Data gathering requires peer to peer access from source services

User support

Email or online ticketing support
Email or online ticketing
Support response times
  • P1 = Splunk Cloud Service is completely inaccessible.
  • P2 = One or more key features of Splunk Cloud Service unusable.
  • P3 = Any other case where a Splunk Cloud Service is not operating as documented or when a Splunk Cloud Service is being used within the purchased aggregate volumes and storage periods.
  • P4 = All enhancement requests.
Response times (initial response and acknowledgment, by case priority):
  • P1: 2 hours
  • P2: Next business day
  • P3: Two business days (*Splunk Light)
  • P4: Two business days
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Splunk offers different response times and case handling based on case priority levels. These support levels are included within the Splunk license cost.
  • P1 = A Production Splunk installation is completely inaccessible or the majority of its functionality is unusable.
  • P2 = One or more important features of a Production Splunk installation has become unusable.
  • P3 = Any other case.
  • P4 = All enhancement requests.
Enterprise and Global Service Agreements (values listed in the order Response Time; Status Update; Fix or Workaround):
  • P1: 4 Hours; Daily; 1 Business Day
  • P2: Next Business Day; Weekly; 1 Week
  • P3: 2 Business Days; Next Release
  • P4: 2 Business Days; At Splunk's discretion
Support hours: Support is provided via telephone, email and web portal. Support will be delivered by a member of Splunk's technical support team during the regional hours of operation listed below.
  • P1: 24 x 7
  • P2: Monday through Friday during standard business hours (8 am to 5 pm Pacific); excluding Splunk holidays
  • P3: Monday through Friday during standard business hours (8 am to 5 pm Pacific); excluding Splunk holidays (*Splunk Light)
  • P4: Monday through Friday during standard business hours (8 am to 5 pm Pacific); excluding Splunk holidays
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Splunk Instructor-led classes are available virtually or at your site. We schedule virtual classes of the complete Splunk curriculum at least once a month. The classes are delivered live via web broadcast and have hands-on exercises through remote servers. Virtual classes are taught in four to five-hour segments, so you can keep up with your day job, or spend time on extra lab work. Learn more about our virtual classroom. Dedicated virtual classes are also available.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Splunk provides a range of options for extracting and publishing data into external repositories. This includes flat file exports, ODBC connections, REST API connectivity and data rolling into Hadoop clusters.
End-of-contract process
The price of the contract includes access to the Splunk Cloud service for an unlimited number of people. The price of the contract defines the amount of data per day which can be added into the service. Splunk platform support is included in the price of the service. Additional professional services to develop new reports and dashboards, or to provide data consulting and analytics services, are not included in the cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Dashboards, reports and visualisations can be tuned to adapt to mobile devices.
Service interface
No
API
Yes
What users can and can't do using the API
Using the API
The Splunk REST API gives you access to the same information and functionality available to core system software and Splunk Web, which also use the API. API functions fall into one of the following categories, which have different interface behavior:
  • Run searches.
  • Manage objects and configurations.
The REST API is organized around object and configuration resources. A resource is a single, named object stored by splunkd, such as a job, a TCP raw input, or a saved search. Resources are grouped into collections. Each collection has some combination of resources and other collections.
The API conforms to the Representational State Transfer (REST) architectural style. A REST(ful) architecture has the following properties:
  • Separation of concerns, such as data storage and access mechanisms, between a client and server.
  • A stateless client-server interaction, where there is no concept of a session. Clients supply all information in server requests without relying on stored state on the server.
  • Optional data caching to improve request-response performance.
  • A generalized, uniform interface for simplicity.
  • A layered arrangement of architectural components. REST architecture components are arranged hierarchically, where child nodes are discoverable by parent nodes and contain their scope of information without reference to other nodes.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Splunk provides an agile reporting and analytics capability. Reports and dashboards are fully customisable. Role based access is available to allow the customer full control over changes and customisations.

Scaling

Independence of resources
Services are deployed on fully independent AWS VPC containers; there is no resource contention.

Analytics

Service usage metrics
Yes
Metrics types
Splunk is an analytics platform; reports on usage and utilisation come out of the box, and can be tuned to an organisation's specific requirements.
  • Number of active instances
  • Other
Other metrics
  • Data Ingested
  • Splunk Infrastructure deployed
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Splunk

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Splunk has attained compliance attestations and certifications from industry-leading auditors as part of our commitment to adhere to industry standards worldwide. SOC 2 Type II: Splunk Cloud is SOC 2 Type 2-compliant. The SOC 2 audit assesses an organization's security, availability, process integrity, and confidentiality processes providing assurance about the systems that a company uses to protect customers' data. ISO 27001: Splunk Cloud is ISO/IEC 27001:2013-certified. ISO/IEC 27001:2013 is a standard for an information security management system, specifying the policies and procedures for all legal, physical, and technical controls used by an organization to minimize risk to information.
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Splunk provides a range of options for extracting and publishing data into external repositories. This includes flat file exports, ODBC connections, REST API connectivity and data rolling into Hadoop clusters.

Users can also download the results of reports and summaries to CSV or PDF files directly from the report interface if required.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • JSON
  • Hadoop
  • SQL
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Splunk can ingest machine data from virtually any source
  • Structured & Unstructured
  • Relational Database content (oracle & SQL for example)
  • Direct Network IP or Syslog data
  • HTTP Event Collection
  • MQ Message Series

Data-in-transit protection

Data protection between buyer and supplier networks
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Data Encryption: All data in transit to and from Splunk Cloud is encrypted using SSL. To encrypt data at rest, you can purchase AES 256-bit encryption for an additional charge. Keys are rotated regularly and monitored continuously.
Data protection within supplier network
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
  • Instance Security: Every Splunk Cloud deployment runs in a secured environment on a stable operating system and in a network that is hardened to industry standards using a default-deny firewall policy, which permits access only to specific IP addresses and services. Your deployment is regularly scanned for host- and application-level threats.
  • Isolation of Data and Service: In the cloud, data is logically isolated from other customers’ data; your performance and data integrity cannot be affected by other customers who are using the Splunk Cloud service.
  • Data Encryption: All data in transit to and from Splunk Cloud is encrypted using SSL.

Availability and resilience

Guaranteed availability
Mission-critical performance, scale and reliability - 100% uptime SLA. Splunk provides a 100% uptime SLA for Splunk Cloud. Customers receive service credits in the event of SLA failures, as set forth in our current SLA schedule. As Splunk Cloud is offered uniformly across all customers, the SLA cannot be modified on a customer-by-customer basis.
Approach to resilience
Splunk Cloud is delivered with an SLA of 100%. The service is hosted in AWS and details of the underlying configuration can be provided on request.
Outage reporting
Email alerts are provided in the event of an outage.

Identity and authentication

User authentication needed
Yes
User authentication
  • Username or password
  • Other
Other user authentication
Additional layers of security, and access via dedicated networks can be configured upon request.
Access restrictions in management interfaces and support channels
No OS-level access is provided for the Splunk Cloud service. Any OS-level access requires interaction with the platform support team. Full RBAC controls are supported in the Splunk application, allowing granular access.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Schellman & Company
ISO/IEC 27001 accreditation date
21/12/2016
What the ISO/IEC 27001 doesn’t cover
The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) supporting the Splunk Cloud systems that govern all client data under the control or ownership of Splunk Cloud and that resides in its in-scope site, and in accordance with the statement of applicability Version 2.0, November 8, 2016.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
SOC 2 Type II: Splunk Cloud is SOC 2 Type 2-compliant. ISO 27001: Splunk Cloud is ISO/IEC 27001:2013-certified. ISO/IEC 27001:2013 is a standard for an information security management system, specifying the policies and procedures for all legal, physical, and technical controls used by an organization to minimize risk to information.
Information security policies and processes
Splunk has attained a number of compliance attestations and certifications from industry-leading auditors as part of our commitment to adhere to industry standards worldwide. The following attestations and certifications apply to Splunk Cloud customer environments provisioned for data ingestion of over 20GB/day. SOC 2 Type II: Splunk Cloud is SOC 2 Type 2-compliant. The SOC 2 audit assesses an organization's security, availability, process integrity, and confidentiality processes to provide assurance about the systems that a company uses to protect customers' data. ISO 27001: Splunk Cloud is ISO/IEC 27001:2013-certified. ISO/IEC 27001:2013 is a standard for an information security management system, specifying the policies and procedures for all legal, physical, and technical controls used by an organization to minimize risk to information. (View certificate of verification.)

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
  • GENERAL: In order to operate in an efficient and secure manner, the Splunk Cloud Service requires routine maintenance and upgrades. These are Splunk’s policies regarding offline periods so that maintenance may be performed.
  • ROUTINE MAINTENANCE: Performed at most once per month and lasts no more than 4 hours. Customers can request a maintenance window around the clock starting Sunday 3 PM through Friday 5 PM PST.
  • EMERGENCY MAINTENANCE: Service-affecting maintenance is only performed in circumstances that require immediate attention; it is not scheduled. Splunk will make commercially reasonable efforts to notify Customers should Emergency Maintenance become necessary.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The security measures of Splunk and AWS are further described in the Technical Briefing paper at https://www.splunk.com/pdfs/technical-briefs/safeguarding-customer-data-in-splunk-cloud.pdf.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The security measures of Splunk and AWS are further described in the Technical Briefing paper at https://www.splunk.com/pdfs/technical-briefs/safeguarding-customer-data-in-splunk-cloud.pdf.
Incident management type
Supplier-defined controls
Incident management approach
Users can report incidents to Splunk through the Support portal, allocating the appropriate severity level.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Pricing

Price
£890 per gigabyte per year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Your free cloud trial lets you search, analyze and visualize 5GB of your own data for 15 days. If you like what you see, it’s simple to transition your trial instance to a production account.
Link to free trial
https://www.splunk.com/page/sign_up/cloud_trial?responsive=1&redirecturl=%2Fgetsplunk%2Fcloud_trial
