Converging Data

Splunk Cloud & Enterprise Logging & Analytics

Splunk is the easy, fast and secure way to search, analyze and visualize the machine data generated by your IT systems and technology infrastructure—physical, virtual and in the cloud.

Use Splunk Cloud and Enterprise in any combination and always have a unified view, and the same set of features.

Features

  • Cloud, hybrid or enterprise deployment
  • Delivers real-time analytics: dashboards, reports and alerts
  • Collect and Index machine data from any location
  • Over 1000 custom apps from the Splunk Partner community
  • Specialist applications for Digital Health
  • Provides conformance, compliance and control over your data
  • Enterprise scalability, flexibility and performance
  • Correlate and Analyze
  • Secure Data Access and Transport
  • Granular Access and Audit Controls

Benefits

  • Delivers real-time visibility of the service user experience
  • Troubleshoot performance or security incidents in minutes, not hours.
  • Collect and index any machine data from virtually any source.
  • Delivers the scalability, reliability and functionality you need
  • Find the relationships within your data.
  • Use built-in Splunk analytics modules to tackle impactful issues.
  • Make more sense of your huge volumes of data.
  • Choose from a wide range of charts and visualizations.
  • Use the dashboards to continually monitor events, conditions or KPIs.
  • Provides secure data handling, access controls, auditability and assurance.

Pricing

£1200 per gigabyte per year

Service documents

G-Cloud 10

294163931554854

Converging Data

Neil Murphy

+44 113 4510 100

neil.murphy@convergingdata.co.uk

Service scope

Service constraints Splunk provides a 100% uptime SLA for Splunk Cloud. Customers receive service credits in the event of SLA failures, as set forth in current SLA schedule. As Splunk Cloud is offered uniformly across all customers, the SLA cannot be modified on a customer by customer basis.
System requirements
  • Client access to Splunk Cloud services is via the browser.
  • Data gathering requires peer to peer access from source services

User support

Email or online ticketing support Yes, at extra cost
Support response times Email acknowledgement of receipt is sent immediately. Response times to other issues are based upon allocated priorities.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Splunk offers different response times and case handling based on case priority levels. These support levels are included within the Splunk license cost.

P1 = A Production Splunk installation is completely inaccessible or the majority of its functionality is unusable.
P2 = One or more important features of a Production Splunk installation has become unusable.
P3 = Any other case.
P4 = All enhancement requests.

Enterprise and Global Service Agreements
Response Time Status Update Fix or Workaround
P1 4 Hours Daily 1 Business Day
P2 Next Business Day Weekly 1 Week
P3 2 Business Days Next Release
P4 2 Business Days At Splunk's discretion

Support Hours
Support is provided via telephone, email and web portal. Support will be delivered by a member of Splunk's technical support team during the regional hours of operation listed below.

P1: 24 x 7
P2: Monday through Friday during standard business hours (8 am to 5 pm Pacific); excluding Splunk holidays
P3: Monday through Friday during standard business hours (8 am to 5 pm Pacific); excluding Splunk holidays (*Splunk Light)
P4: Monday through Friday during standard business hours (8 am to 5 pm Pacific); excluding Splunk holidays
Support available to third parties Yes

Onboarding and offboarding

Getting started Splunk Instructor-led classes are available virtually or at your site. We schedule virtual classes of the complete Splunk curriculum at least once a month. The classes are delivered live via web broadcast and have hands-on exercises through remote servers. Virtual classes are taught in four to five-hour segments, so you can keep up with your day job, or spend time on extra lab work. Dedicated virtual classes are also available.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats Splunk Answers web site and community
End-of-contract data extraction Splunk provides a range of options for extracting and publishing data into external repositories. This includes flat file exports, ODBC connections, REST API connectivity and data rolling into Hadoop clusters.
End-of-contract process The price of the contract includes access to the Splunk Cloud service for an unlimited number of people.
The price of the contract defines the amount of data per day which can be added into the service.
Splunk platform support is included in the price of the service.
Additional professional services to develop new reports and dashboards or to provide data consulting, and analytics services are not included in the cost.

Using the service

Web browser interface Yes
Using the web interface All Splunk services are accessed via the web browser.
Web interface accessibility standard None or don’t know
How the web interface is accessible Standard web browsers such as Chrome, Internet Explorer and Firefox are supported. Navigation around the Splunk interface is simple and intuitive.

User dashboards and applications can be fully customised to meet accessibility requirements.
Web interface accessibility testing To date, we have done no testing with assistive technology users.
API Yes
What users can and can't do using the API The Splunk REST API gives you access to the same information and functionality available to core system software and Splunk Web, which also use the API.

API functions fall into one of the following categories, which have different interface behavior:

  • Run searches.
  • Manage objects and configurations.

The REST API is organized around object and configuration resources. A resource is a single, named, object stored by splunkd, such as a job, a TCP raw input, or a saved search. Resources are grouped into collections. Each collection has some combination of resources and other collections.

The API conforms to the Representational State Transfer (REST) architectural style. A REST(ful) architecture has the following properties.

  • Separation of concerns, such as data storage and access mechanisms, between a client and server.
  • A stateless client-server interaction, where there is no concept of a session. Clients supply all information in server requests without relying on stored state on the server.
  • Optional data caching to improve request-response performance.
  • A generalized, uniform interface for simplicity.
  • A layered arrangement of architectural components. REST architecture components are arranged hierarchically, where child nodes are discoverable by parent nodes and contain their scope of information without reference to other nodes.
API automation tools
  • Ansible
  • Chef
  • Puppet
API documentation Yes
API documentation formats
  • HTML
  • PDF
  • Other
Command line interface No

Scaling

Scaling available No
Independence of resources Services are deployed on fully independent AWS VPC containers; there is no resource contention.
Usage notifications Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics No

Resellers

Supplier type Reseller providing extra features and support
Organisation whose services are being resold Splunk

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach Splunk has attained compliance attestations and certifications from industry-leading auditors as part of our commitment to adhere to industry standards worldwide.

SOC 2 Type II: Splunk Cloud is SOC 2 Type 2-compliant. The SOC 2 audit assesses an organization's security, availability, process integrity, and confidentiality processes providing assurance about the systems that a company uses to protect customers' data.

ISO 27001: Splunk Cloud is ISO/IEC 27001:2013-certified. ISO/IEC 27001:2013 is a standard for an information security management system, specifying the policies and procedures for all legal, physical, and technical controls used by an organization to minimize risk to information.
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery Yes
What’s backed up Mission-critical performance, scale and reliability - 100% uptime SLA
Backup controls Service backups are not scheduled. The cloud service is delivered in a fully resilient configuration.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks Data Encryption: All data in transit to and from Splunk Cloud is encrypted using SSL. To encrypt data at rest, you can purchase AES 256-bit encryption for an additional charge. Keys are rotated regularly and monitored continuously.
Data protection within supplier network
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network Instance Security: Every Splunk Cloud deployment runs in a secured environment on a stable operating system and in a network that is hardened to industry standards using a default-deny firewall policy, which permits access only to specific IP addresses and services. Your deployment is regularly scanned for host- and application-level threats.

Isolation of Data and Service: In the cloud, data is logically isolated from other customers’ data; your performance and data integrity cannot be affected by other customers who are using the Splunk Cloud service.

Data Encryption: All data in transit to and from Splunk Cloud is encrypted using SSL.

Availability and resilience

Guaranteed availability Mission-critical performance, scale and reliability - 100% uptime SLA

Splunk provides a 100% uptime SLA for Splunk Cloud. Customers receive service credits in the event of SLA failures, as set forth in our current SLA schedule. As Splunk Cloud is offered uniformly across all customers, the SLA cannot be modified on a customer by customer basis.
Approach to resilience Splunk Cloud is delivered with an SLA of 100%. The service is hosted in AWS and details of the underlying configuration can be provided on request.
Outage reporting Email alerts are provided in the event of an outage.

Identity and authentication

User authentication
  • Username or password
  • Other
Other user authentication Additional layers of security, and access via dedicated networks can be configured upon request.
Access restrictions in management interfaces and support channels No access to OS level is provided for the Splunk Cloud service. Any OS level access requires interaction with the platform support team.

Full RBAC controls are supported in the Splunk application allowing granular access.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Schellman & Company
ISO/IEC 27001 accreditation date 21/12/2016
What the ISO/IEC 27001 doesn’t cover The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) supporting the Splunk Cloud systems that govern all client data under the control or ownership of Splunk Cloud and that resides in its in-scope site, and in accordance with the statement of applicability Version 2.0, November 8, 2016.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards SOC 2 Type II: Splunk Cloud is SOC 2 Type 2-compliant.

ISO 27001: Splunk Cloud is ISO/IEC 27001:2013-certified. ISO/IEC 27001:2013 is a standard for an information security management system, specifying the policies and procedures for all legal, physical, and technical controls used by an organization to minimize risk to information.
Information security policies and processes Splunk has attained a number of compliance attestations and certifications from industry-leading auditors as part of our commitment to adhere to industry standards worldwide. The following attestations and certifications apply to Splunk Cloud customer environments provisioned for data ingestion of over 20GB/day.

SOC 2 Type II: Splunk Cloud is SOC 2 Type 2-compliant. The SOC 2 audit assesses an organization's security, availability, process integrity, and confidentiality processes to provide assurance about the systems that a company uses to protect customers' data.

ISO 27001: Splunk Cloud is ISO/IEC 27001:2013-certified. ISO/IEC 27001:2013 is a standard for an information security management system, specifying the policies and procedures for all legal, physical, and technical controls used by an organization to minimize risk to information.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach GENERAL
In order to operate in an efficient and secure manner, the Splunk Cloud Service requires routine maintenance and upgrades. These are Splunk’s policies regarding offline periods so that maintenance may be performed.

ROUTINE MAINTENANCE - is performed at most once per month and lasts no more than 4 hours. Customers can request a maintenance window around the clock starting Sunday 3 PM through Friday 5 PM PST.

EMERGENCY MAINTENANCE - service-affecting maintenance is only performed in circumstances that require immediate attention; it is not scheduled. Splunk will make commercially reasonable efforts to notify Customers should Emergency Maintenance become necessary.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The security measures of Splunk and AWS are further described in the Technical Briefing paper at https://www.splunk.com/pdfs/technical-briefs/safeguarding-customer-data-in-splunk-cloud.pdf.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The security measures of Splunk and AWS are further described in the Technical Briefing paper at https://www.splunk.com/pdfs/technical-briefs/safeguarding-customer-data-in-splunk-cloud.pdf.
Incident management type Supplier-defined controls
Incident management approach Users can report incidents to Splunk through the Support portal, allocating the appropriate severity level.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy-efficient datacentres No

Pricing

Price £1200 per gigabyte per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Your free cloud trial lets you search, analyze and visualize 5GB of your own data for 15 days.
If you like what you see, it’s simple to transition your trial instance to a production account.
Link to free trial https://www.splunk.com/page/sign_up/cloud_trial?responsive=1&redirecturl=%2Fgetsplunk%2Fcloud_trial

Documents

Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document