
Exploring Security and Observability on Splunk Lantern

Your organization purchased Splunk Cloud Platform some time ago. Your environment is ingesting dozens of data sources and your team has expert-level SPL skills. You've created easily consumable dashboards and reports for many different types of stakeholders and you've mastered alert fatigue. Your organization's return on investment in both Splunk and Splunk education is paying large dividends in terms of time saved managing threats and improved operational efficiency.

Now, you are ready to go even further. You know that Splunk offers a range of additional security and observability solutions, and your executive leadership is willing to add to your portfolio to see even greater returns. But which products will best match up with your use cases, capabilities, and data sources? How can you expand your environment in a way that will yield the best results as fast as possible? How can you dig through the abstract possibilities of Splunk Enterprise Security, Splunk IT Service Intelligence, or Splunk Infrastructure Monitoring to understand how those products can be used specifically at your organization? 

Enter the Use Case Explorers. These new content areas — available on Splunk Lantern — provide a framework to guide your progress across the stages of security and observability. Through best practices, use cases, and a mapping of relevant Splunk software to each stage, the explorers guide you on these data journeys. 

Use Case Explorer for Security

The workflow stages of the Use Case Explorer for Security are Ingest Data, Monitor, Analyze & Investigate, and Act. Within each of those stages are focal areas where you'll find high-level planning guides, best practice guidance, and step-by-step use case documentation that you can start to apply right away. Learn to use Intelligence Management for data enrichment and Enterprise Security for data normalization. To mature in your security journey, discover how to reduce alert fatigue with Risk Based Alerting, and use Splunk SOAR for automation, collaboration, and case management.

Use Case Explorer for Observability

The Use Case Explorer for Observability guides you through the AIOps stages: Observe, Engage, and Act. Learn how to prescriptively monitor and observe the full stack using Splunk APM, Infrastructure Monitoring, RUM, and Synthetics. During the Engage stage, learn how ITSI and OnCall work together to improve event analytics and notifications. And when you reach the Act stage of value realization, you can use that same software to remediate and investigate more effectively. These actions will drive business value by reducing alert noise and improving MTTR, which results in service quality improvements.

How the Use Case Explorers Can Help

The use case explorers are sets of defined capabilities, use cases, and best practices that help you take a systematic approach toward improving visibility and response to past, present, and impending incidents. Whether your goals are to reduce user, business, and mission disruption, to remediate issues faster, or to better utilize your staff’s time, the use case explorers on Splunk Lantern can help you learn how to extend your Splunk Enterprise or Splunk Cloud Platform capabilities to work smarter.

Special thanks to the Customer Success Product Areas & Specializations team for all their hard work on these Use Case Explorers!

As part of the Customer Journey team, Jennifer lives and breathes Splunk Lantern. She collaborates with Splunk experts all across the organization to curate and publish the information that customers need to succeed. She is a technical content expert who enjoys analyzing grammar, watching farm animal rescue videos, and running at very high altitudes.