Splunk

About this service

Description: Originally a log aggregation and analytics tool, Splunk has evolved into a market-leading "machine data" analytics platform, ready for research applications with Machine Learning (ML) and commonly used as a Security Information and Event Management (SIEM) solution. Develop reports and dashboards; build alerts and launch automated responses.
Other names: Log Analysis; Centralized logging; Syslog; rsyslog; Data Aggregation, Logging, and Analysis; Real-time, streaming, event-based, machine-data analytics.
Documentation links: Splunk Documentation and Support
Features and tools: Log centralization; Log aggregation; Log analysis; Reporting and Dashboarding; Event-based alerting and automation. Tableau, Power BI, Reporting Services, IBM Watson, SAS, SPSS, SIEM

Getting and using this service

Who can use the service: Faculty/Staff
How to get the service: Send email to splunk-support@illinois.edu to begin the process.
Cost: NOTE: As of this writing, some units may be eligible for 100% cost coverage through the "Security Incentive" funded by Provost/CISO (Urbana).

Splunk is charged monthly, but pricing is based on daily data ingest at $72/GB. If daily ingest is 1 GB, the basic service price will be $72/month. The default retention period is 90 days. Incentives (from Security) and enhancements (for example, longer retention) are available. For more information, visit the Splunk Service Pricing page.
Usage constraints: 90-day retention is available at no additional cost. There is no limit on the number of data sources or forwarding agents a customer may wish to add. If customer need exceeds current license or infrastructure capacity, some time may be required to accommodate the need. Splunk is intended for official University business purposes.

Splunk is currently designed for data classified as Public, Internal, and Sensitive. Splunk is not designed for High Risk data. Splunk can be used for data sources (services) which contain High Risk data only if the logs themselves do not contain High Risk data.

If your machine data management use case involves High Risk data, please contact us.

Support and Hours

How to get help: Call the Help Desk at 217-244-7000 or send email to splunk-support@illinois.edu.

Customers also have the opportunity to join a Users Group specific to the service.
Training and consulting opportunities: Online training and some targeted assistance are available from Splunk (depending on context and state of contracts).

Consulting services are also available from Technology Services.
Maintenance hours: The Splunk at Illinois Service is a "hybrid" architecture leveraging both on-premises and Splunk's Splunk Cloud service. Consequently, we are partly dependent on coordination with Splunk's Splunk Cloud service for change management. See our Maintenance Windows and Scheduling Searches page for more details.
Lifecycle stage: Production
Provided by: Technology Services