What is Splunk at Illinois?
Splunk is a machine data (event / log) aggregation and analytics solution. The effort is spearheaded by the Chief Information and Security Officer (CISO) to provide the service widely across the institution. Splunk at Illinois is intended to give units a means to make better use of their own data for insight, decision support, and quicker response to emerging issues. It is also intended to help units comply with IT 4.6.1 and to support the growth of each unit's, and the institution's overall, security maturity index.
- Splunk at Illinois URL: https://illinois.splunkcloud.com
- Service Catalog Entry: https://help.uillinois.edu/TDClient/42/UIUC/Requests/ServiceDet?ID=193
- Service Documentation: https://wiki.illinois.edu/wiki/display/splunk
Benefits of using Splunk at Illinois:
- Comply with IT 4.6.1 by sending your logs off-host
- Aggregate your machine (event / log) data from various sources and take advantage of correlational analysis across those sources, and with sources from campus.
- Develop your own (or use others') analyses to detect or even predict service degradations and outages. Alerts and automations are available.
- Provide service analytics to unit / institution leadership.
- Use Machine Learning for predictive analysis and anomaly detection.
- For many technologies, Splunk "apps" are available (usually at no additional cost) that deliver pre-built field extraction, normalization, reports, alerts, dashboards, automations, etc.
- Take advantage of UIUC-specific enrichment data (in the form of 'lookups'), such as org codes from codebook.
- Approved for FERPA regulated data (but not HIPAA regulated data)