Splunk Cloud for Enterprise Logging, Analytics & Cyber Security
Splunk is the easy, fast and secure way to search, analyze and visualize the machine data generated by your IT systems and technology infrastructure—physical, virtual and in the cloud. Use Splunk Cloud and Enterprise in any combination and always have a unified view, and the same set of features.
Features
- Cloud, hybrid or enterprise Deployment
- Delivers Real-Time analytics - Dashboards, Reports & Alerts
- Collect and Index machine data from any location
- Over 1000 custom apps from the Splunk Partner community
- Specialist applications for Digital Health
- Provides conformance, compliance and control over your data
- Enterprise scalability, flexibility and performance
- Splunk Enterprise Security SIEM Platform
- Security Information and Event Management - SIEM Platform
- Granular Access and Audit Controls
Benefits
- Delivers real-time visibility of the service user experience
- Troubleshoot performance or security incidents in minutes, not hours.
- Collect and index any machine data from virtually any source.
- Delivers the scalability, reliability and functionality you need
- Find the relationships within your data.
- Effective management of Cyber Security Incidents.
- Deliver IOT solutions to manage processes and track equipment
- Use visualisations of real-time data to empower decision makers
- Use the dashboards to continually monitor events, conditions or KPIs.
- Provides secure data handling, access controls, auditability and assurance.
Pricing
£890 a gigabyte a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at james.odom@hippodigital.co.uk.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 11
Service ID
226991870164273
Contact
Converging Data
James Odom
Telephone: +44 113 4510 100
Email: james.odom@hippodigital.co.uk
Service scope
- Software add-on or extension
- Yes
- What software services is the service an extension to
-
We supply Splunk Cloud & Enterprise, and provide add-ons and extensions to support HL7 integration in healthcare, RFID and location services tracking. We deliver Splunk Enterprise Security, Phantom and ITSI. Our IOT projects integrate a range of third party vendor solutions.
Our Splunk Consultants provide design and delivery support.
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- Splunk provides a 100% uptime SLA for Splunk Cloud. Customers receive service credits in the event of SLA failures, as set forth in current SLA schedule. As Splunk Cloud is offered uniformly across all customers, the SLA cannot be modified on a customer by customer basis.
- System requirements
-
- Client access to Splunk Cloud services is via the browser.
- Data gathering requires peer to peer access from source services
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- P1 = Splunk Cloud Service is completely inaccessible. P2 = One or more key features of Splunk Cloud Service unusable. P3 = Any other case where a Splunk Cloud Service is not operating as documented or when a Splunk Cloud Service is being used within the purchased aggregate volumes and storage periods. P4 = All enhancement requests. Response times (initial response and acknowledgment, by case priority): P1: 2 hours; P2: next business day; P3: two business days (*Splunk Light); P4: two business days.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Splunk offers different response times and case handling based on case priority levels. These support levels are included within the Splunk license cost. P1 = A Production Splunk installation is completely inaccessible or the majority of its functionality is unusable. P2 = One or more important features of a Production Splunk installation has become unusable. P3 = Any other case. P4 = All enhancement requests. Enterprise and Global Service Agreements (columns: Response Time, Status Update, Fix or Workaround): P1: 4 Hours, Daily, 1 Business Day. P2: Next Business Day, Weekly, 1 Week. P3: 2 Business Days, Next Release. P4: 2 Business Days, At Splunk's discretion. Support Hours: Support is provided via telephone, email and web portal. Support will be delivered by a member of Splunk's technical support team during the regional hours of operation listed below. P1: 24 x 7. P2: Monday through Friday during standard business hours (8 am to 5 pm Pacific), excluding Splunk holidays. P3: Monday through Friday during standard business hours (8 am to 5 pm Pacific), excluding Splunk holidays (*Splunk Light). P4: Monday through Friday during standard business hours (8 am to 5 pm Pacific), excluding Splunk holidays.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Splunk Instructor-led classes are available virtually or at your site. We schedule virtual classes of the complete Splunk curriculum at least once a month. The classes are delivered live via web broadcast and have hands-on exercises through remote servers. Virtual classes are taught in four to five-hour segments, so you can keep up with your day job, or spend time on extra lab work. Learn more about our virtual classroom. Dedicated virtual classes are also available.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Splunk provides a range of options for extracting and publishing data into external repositories. This includes flat file exports, ODBC connections, REST API connectivity and data rolling into Hadoop clusters.
- End-of-contract process
- The price of the contract includes access to the Splunk cloud service for an unlimited number of people. The price of the contract defines the amount of data per day which can be added into the service. Splunk platform support is included in the price of the service. Additional professional services to develop new reports and dashboards or to provide data consulting, and analytics services are not included in the cost.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Firefox
- Chrome
- Safari 9+
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Dashboards, reports and visualisations can be tuned to adapt to mobile devices.
- Service interface
- No
- API
- Yes
- What users can and can't do using the API
-
Using the API
The Splunk REST API gives you access to the same information and functionality available to core system software and Splunk Web, which also use the API. API functions fall into one of the following categories, which have different interface behavior: run searches; manage objects and configurations. The REST API is organized around object and configuration resources. A resource is a single, named object stored by splunkd, such as a job, a TCP raw input, or a saved search. Resources are grouped into collections. Each collection has some combination of resources and other collections. The API conforms to the Representational State Transfer (REST) architectural style. A REST(ful) architecture has the following properties: separation of concerns, such as data storage and access mechanisms, between a client and server; a stateless client-server interaction, where there is no concept of a session, and clients supply all information in server requests without relying on stored state on the server; optional data caching to improve request-response performance; a generalized, uniform interface for simplicity; and a layered arrangement of architectural components. REST architecture components are arranged hierarchically, where child nodes are discoverable by parent nodes and contain their scope of information without reference to other nodes.
- API documentation
- Yes
- API documentation formats
-
- HTML
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Splunk provides an agile reporting and analytics capability. Reports and dashboards are fully customisable. Role based access is available to allow the customer full control over changes and customisations.
Scaling
- Independence of resources
- Services are deployed on fully independent AWS VPC containers; there is no resource contention.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Splunk is an analytics platform; reports on usage and utilisation come out of the box and can be tuned to an organisation's specific requirements.
- Number of active instances
- Other
- Other metrics
-
- Data Ingested
- Splunk Infrastructure deployed
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Splunk
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Other
- Other data at rest protection approach
- Splunk has attained compliance attestations and certifications from industry-leading auditors as part of our commitment to adhere to industry standards worldwide. SOC 2 Type II: Splunk Cloud is SOC 2 Type 2-compliant. The SOC 2 audit assesses an organization's security, availability, process integrity, and confidentiality processes providing assurance about the systems that a company uses to protect customers' data. ISO 27001: Splunk Cloud is ISO/IEC 27001:2013-certified. ISO/IEC 27001:2013 is a standard for an information security management system, specifying the policies and procedures for all legal, physical, and technical controls used by an organization to minimize risk to information.
- Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
Splunk provides a range of options for extracting and publishing data into external repositories. This includes flat file exports, ODBC connections, REST API connectivity and data rolling into Hadoop clusters.
Users can also download the results of reports and summaries to CSV or PDF files directly from the report interface if required.
- Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
-
- JSON
- Hadoop
- SQL
- Data import formats
-
- CSV
- ODF
- Other
- Other data import formats
-
- Splunk can ingest machine data from virtually any source
- Structured & Unstructured
- Relational Database content (Oracle & SQL for example)
- Direct Network IP or Syslog data
- HTTP Event Collection
- MQ Message Series
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection between networks
- Data Encryption: All data in transit to and from Splunk Cloud is encrypted using SSL. To encrypt data at rest, you can purchase AES 256-bit encryption for an additional charge. Keys are rotated regularly and monitored continuously.
- Data protection within supplier network
-
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection within supplier network
- Instance Security: Every Splunk Cloud deployment runs in a secured environment on a stable operating system and in a network that is hardened to industry standards using a default-deny firewall policy, which permits access only to specific IP addresses and services. Your deployment is regularly scanned for host- and application-level threats. Isolation of Data and Service: In the cloud, data is logically isolated from other customers’ data; your performance and data integrity cannot be affected by other customers who are using the Splunk Cloud service. Data Encryption: All data in transit to and from Splunk Cloud is encrypted using SSL.
Availability and resilience
- Guaranteed availability
- Mission-critical performance, scale and reliability - 100% uptime SLA. Splunk provides a 100% uptime SLA for Splunk Cloud. Customers receive service credits in the event of SLA failures, as set forth in our current SLA schedule. As Splunk Cloud is offered uniformly across all customers, the SLA cannot be modified on a customer by customer basis.
- Approach to resilience
- Splunk Cloud is delivered with an SLA of 100%. The service is hosted in AWS and details of the underlying configuration can be provided on request.
- Outage reporting
- Email alerts are provided in the event of an outage.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Username or password
- Other
- Other user authentication
- Additional layers of security, and access via dedicated networks can be configured upon request.
- Access restrictions in management interfaces and support channels
- No access to OS level is provided for the Splunk Cloud service. Any OS level access requires interaction with the platform support team. Full RBAC controls are supported in the Splunk application, allowing granular access.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Schellman & Company
- ISO/IEC 27001 accreditation date
- 21/12/2016
- What the ISO/IEC 27001 doesn’t cover
- The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) supporting the Splunk Cloud systems that govern all client data under the control or ownership of Splunk Cloud and that resides in its in-scope site, and in accordance with the statement of applicability Version 2.0, November 8, 2016.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- SOC 2 Type II: Splunk Cloud is SOC 2 Type 2-compliant. ISO 27001: Splunk Cloud is ISO/IEC 27001:2013-certified. ISO/IEC 27001:2013 is a standard for an information security management system, specifying the policies and procedures for all legal, physical, and technical controls used by an organization to minimize risk to information.
- Information security policies and processes
- Splunk has attained a number of compliance attestations and certifications from industry-leading auditors as part of our commitment to adhere to industry standards worldwide. The following attestations and certifications apply to Splunk Cloud customer environments provisioned for data ingestion of over 20GB/day. SOC 2 Type II: Splunk Cloud is SOC 2 Type 2-compliant. The SOC 2 audit assesses an organization's security, availability, process integrity, and confidentiality processes to provide assurance about the systems that a company uses to protect customers' data. ISO 27001: Splunk Cloud is ISO/IEC 27001:2013-certified. ISO/IEC 27001:2013 is a standard for an information security management system, specifying the policies and procedures for all legal, physical, and technical controls used by an organization to minimize risk to information.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- GENERAL: In order to operate in an efficient and secure manner, the Splunk Cloud Service requires routine maintenance and upgrades. These are Splunk’s policies regarding offline periods so that maintenance may be performed. ROUTINE MAINTENANCE: Performed at most once per month and lasts no more than 4 hours. Customers can request a maintenance window around the clock starting Sunday 3 PM through Friday 5 PM PST. EMERGENCY MAINTENANCE: Service-affecting maintenance is only performed in circumstances that require immediate attention; it is not scheduled. Splunk will make commercially reasonable efforts to notify Customers should Emergency Maintenance become necessary.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- The security measures of Splunk and AWS are further described in the Technical Briefing paper at https://www.splunk.com/pdfs/technical-briefs/safeguarding-customer-data-in-splunk-cloud.pdf.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- The security measures of Splunk and AWS are further described in the Technical Briefing paper at https://www.splunk.com/pdfs/technical-briefs/safeguarding-customer-data-in-splunk-cloud.pdf.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Users can report incidents to Splunk through the Support portal, allocating the appropriate severity level.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Pricing
- Price
- £890 a gigabyte a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
Your free cloud trial lets you search, analyze and visualize 5GB of your own data for 15 days. If you like what you see, it’s simple to transition your trial instance to a production account.
- Link to free trial
- https://www.splunk.com/page/sign_up/cloud_trial?responsive=1&redirecturl=%2Fgetsplunk%2Fcloud_trial