NETbuilder Ltd

Splunk Managed Services

Splunk monitors and analyses machine data from any source to deliver Operational Intelligence to optimise your IT, security and business performance. It offers intuitive analysis features, machine learning, artificial intelligence, packaged applications and open APIs, alongside Phantom for security operations and VictorOps for incident management.


  • Cloud, hybrid or enterprise deployment
  • Collects and indexes log and machine data from any source
  • Powerful search, analysis and visualization capabilities empower users
  • Fraud and cyber threat detection analysis
  • Real time analysis for operational intelligence and business reporting
  • Information Assurance and security analysis
  • Monitor and ensure compliance
  • Monitor Logistics RFID and logistics databases machine data (HUMS)
  • Monitor and manage internet of things including SCADA data
  • Big Data Analytics, machine data from internet/internal network


  • Delivers real-time visibility of the service user experience
  • Troubleshoot performance or security incidents in minutes, not hours.
  • Collect and index any machine data from virtually any source.
  • Delivers the scalability, reliability and functionality you need
  • Find the relationships within your data.
  • Use built-in Splunk analytics modules to tackle impactful issues.
  • Make more sense of your huge volumes of data.
  • Choose from a wide range of charts and visualizations.
  • Use the dashboards to continually monitor events, conditions or KPIs.
  • Provides secure data handling, access controls, auditability and assurance


£500 per gigabyte per year

Service documents


G-Cloud 11

Service ID

228381938372245


NETbuilder Ltd

Matthew Bunyard


Service scope

Software add-on or extension
Cloud deployment model
Hybrid cloud
Service constraints
In order to operate in an efficient and secure manner, the Splunk Cloud Service requires routine maintenance and upgrades. These are Splunk’s policies regarding offline periods so that maintenance may be performed.

ROUTINE MAINTENANCE - is performed at most once per month and lasts no more than 4 hours. Customers can request a maintenance window around the clock starting Sunday 3 PM through Friday 5 PM PST.

EMERGENCY MAINTENANCE - service-affecting maintenance is only performed in circumstances that require immediate attention; it is not scheduled. Splunk will make commercially reasonable efforts to notify Customers should Emergency Maintenance become necessary.
System requirements
  • Windows> 2 x 6 core 2+GHz, 12GB RAM
  • Non Windows> 2 x 6 core 2+GHz, 12GB RAM
  • Linux, 2.6 and later
  • Mac OS X 10.10 and 10.11
  • Windows 8, 8.1, 10
  • Windows Server 2008 R2, 2012, 2012 R2

User support

Email or online ticketing support
Yes, at extra cost
Support response times
NETbuilder will provide prioritised support services for the Managed Services, to be accessed by Customer’s Technical Support Contacts 24 hours a day, 7 days a week (each such request a “Service Request” or an “Incident” or a “Change Request”) according to an agreed set of Response Times for each service request type and priority level.
User can manage status and priority of support tickets
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Our Production Support Level ensures that our customer’s technology estate is operational whilst providing them significant autonomy in daily application and business operations. Production customers are assisted with a self-service portal that makes it easy to request help, search knowledgeable content and track progress on issues, and by the NETbuilder Technical Support team composed of service desk agents and a named Service Delivery Manager (SDM) primarily tasked with system maintenance, health reporting, and solution monitoring on a 24x7 basis.

Our Enterprise offering is a premium full-service package developed with the goal of empowering customer teams to focus on their core business and deliver effectively at scale. This offering entitles the customer to a single point of contact with NETbuilder — Technical Account Manager (TAM), a highly skilled professional proactively supporting the customer during deployment time and production related activities, while ensuring the maintenance and troubleshooting of the technology stack. The TAM meets regularly with the customer and can assist with activities such as performance tuning, configuration, etc.
Support available to third parties

Onboarding and offboarding

Getting started
In order to best kick-start and set up the service, we come on site to meet the team, give an initial overview of the Managed Service and describe the next steps.

Once the introductions are completed, we run an initial discovery phase in which we review and validate the scope of the service with the business and technical stakeholders, make an inventory of the resources to support, define a service catalogue and lock down the SLA.

Set up the support, networking and monitoring services, put quality controls in place, check integration points, integrate to the customer business process, trial run end-to-end key use cases and live incidents, start preparing initial knowledge base, grant access, etc.

Smoothly switch to the new support service and check hands for an official start.

Maintenance and Support.
Proactively support and maintain your solution as well as regularly report on its performance.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Customer data can be copied to a secure repository and source data deleted. There is no additional charge for this service.
End-of-contract process
A high level exit plan is contained within the Managed Service documentation. The exit plan contains instructions as to whether the service is to be ceased or migrated to another third party.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
  • Android
  • iOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Differences between the mobile and desktop service
If it is through a web browser, the functionality is the same. If it is through the Splunk Mobile App, custom visualisations do not work.
Service interface
Description of service interface
Splunk Cloud does not allow direct access to infrastructure by customers. As a result, you do not have command line access to Splunk Cloud. Any supported task that requires command line access is performed by the self-service capabilities of Splunk or by filing a service ticket.
Accessibility standards
None or don’t know
Description of accessibility
Splunk Cloud does not allow direct access to infrastructure by customers. As a result, you do not have command line access to Splunk Cloud. Any supported task that requires command line access is performed by the self-service capabilities of Splunk or by filing a service ticket.
Accessibility testing
What users can and can't do using the API
Differences in implementation details between Splunk Cloud and Enterprise, plus permissions for the sc_admin role, impact REST API access. In Splunk Cloud, you open a support ticket to enable REST API access. In addition, Splunk Cloud supports a subset of the REST API endpoints available in Splunk Enterprise. You can find more information regarding using the REST API with Splunk Cloud here
API documentation
API documentation formats
  • HTML
  • PDF
  • Other
API sandbox or test environment
Customisation available
Description of customisation
Splunk provides an agile reporting and analytics capability. Reports and dashboards are fully customisable. Role based access is available to allow the customer full control over changes and customisations. The user is able to configure dashboards and the target data sources. Configuration can be through Splunk Web, Splunk's Command Line Interface (CLI), Splunk's REST API and directly in configuration files.


Independence of resources
Dedicated tenancies are enforced to ensure customer segregation. Therefore, one customer's service cannot be affected by another customer's service.


Service usage metrics
Metrics types
  • Disk
  • HTTP Request and Response Status
  • Memory
  • Network
  • Number of active instances
  • Others
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
There are many ways that a user can export data. Splunk provides a REST API to export data. Data can be exported by the Splunk Web facility. Users can use the Command Line Interface, SDKs and data forwarding tools.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • JSON
  • Raw Data
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • JSON
  • Raw Data

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Mission-critical performance, scale and reliability - 100% uptime SLA

Splunk provides a 100% uptime SLA for Splunk Cloud. Customers receive service credits in the event of SLA failures, as set forth in our current SLA schedule. As Splunk Cloud is offered uniformly across all customers, the SLA cannot be modified on a customer-by-customer basis.
Approach to resilience
Splunk Cloud is delivered with an SLA of 100%. The service is hosted in AWS and details of the underlying configuration can be provided on request.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Role Based Access Control is supported
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
The Splunk Cloud based service uses third-party validation by Brightline of our process and policy efforts to safeguard customer data to industry standards worldwide. Working with our audit partners, SOC 2 Type 2 attestation is completed for all Splunk Cloud customer environments and ISO 27001 certification is completed for Splunk Cloud customer environments provisioned for data ingestion of over 20GB/day.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
• Customer requests change to service or solution: affected systems, possible risks, security risks, and expected implementation to qualified brief.
• Service Delivery Manager escalates the request to the engagement team who determines if the change is valid.
• Team plans the change. Details recorded about: the expected outcomes, effort estimates, resource profile, timeline, testing, ways to roll back the change, risks including security risks, dependencies and assumptions.
• Change approval board (CAB) may need to review the plan.
• Team implements the change, documenting procedures and results.
• Service Delivery Manager reviews and closes the implemented change.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The security measures of Splunk and AWS are further described in the Technical Briefing paper at
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The security measures of Splunk and AWS are further described here
Incident management type
Supplier-defined controls
Incident management approach
End users (via portal, phone or email), monitoring systems, or service desk describes and logs the incident.
Service desk records at a minimum the date and time, reporter name, and a unique ID.
Agent labels the incidents with appropriate categorisation.
Service desk prioritizes incident based on business impact and urgency.
Team diagnoses the incident, services affected and possible solutions. Agents communicate with incident reporters.
Service desk team can escalate the incident to the second or third line support.
The service desk resolves the service interruption and verifies that the fix is successful. Resolution is fully documented.
Service desk closes the incident.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£500 per gigabyte per year
Discount for educational organisations
Free trial available
Description of free trial
The Splunk free cloud trial lets you search, analyze and visualize 5GB of your own data for 15 days. You can transition your trial instance to a production account.
Link to free trial
