Your organization purchased Splunk Cloud Platform some time ago. Your environment is ingesting dozens of data sources and your team has expert-level SPL skills. You've created easily consumable dashboards and reports for many different types of stakeholders and you've overcome alert fatigue. Your organization's investment in both Splunk and Splunk education is paying large dividends in terms of time saved managing threats and improved operational efficiency.
Now, you are ready to go even further. You know that Splunk offers a range of additional security and observability solutions, and your executive leadership is willing to add to your portfolio to see even greater returns. But which products will best match up with your use cases, capabilities, and data sources? How can you expand your environment in a way that will yield the best results as fast as possible? How can you dig through the abstract possibilities of Splunk Enterprise Security, Splunk IT Service Intelligence, or Splunk Infrastructure Monitoring to understand how those products can be used specifically at your organization?
Enter the Use Case Explorers. These new content areas — available on Splunk Lantern — provide a framework to guide your progress across the stages of security and observability. Through best practices, use cases, and a mapping of relevant Splunk software to each stage, the explorers guide you on these data journeys.
The workflow stages of the Use Case Explorer for Security are Ingest Data, Monitor, Analyze & Investigate, and Act. Within each of those stages are focal areas where you'll find high-level planning guides, best practice guidance, and step-by-step use case documentation that you can start to apply right away. Learn to use Intelligence Management for data enrichment and Enterprise Security for data normalization. To mature in your security journey, discover how to reduce alert fatigue with Risk Based Alerting, and use Splunk SOAR for automation, collaboration, and case management.
The Use Case Explorer for Observability guides you through the AIOps stages: Observe, Engage, and Act. Learn how to prescriptively monitor and observe the full stack using Splunk APM, Infrastructure Monitoring, RUM, and Synthetics. During the Engage stage, learn how ITSI and On-Call work together to improve event analytics and notifications. And when you reach the Act stage of value realization, you can use that same software to remediate and investigate more effectively. These actions will drive business value by reducing alert noise and improving MTTR, which results in service quality improvements.
The Use Case Explorers are sets of defined capabilities, use cases, and best practices that help you take a systematic approach toward improving visibility and response to past, present, and impending incidents. Whether your goals are to realize less user, business, and mission disruption, to remediate issues faster, or to better utilize your staff’s time, the Use Case Explorers on Splunk Lantern can help you learn how to extend your Splunk Enterprise or Splunk Cloud Platform capabilities to work smarter.
Special thanks to the Customer Success Product Areas & Specializations team for all their hard work on these Use Case Explorers!