What is Splunk? – A Summary for UK Public Sector

To quote the UK National Data Strategy:

‘The coronavirus pandemic showed that there is massive untapped potential in the way government and public services use and share data to help and protect people...’

Splunk is an advanced data platform that delivers right-time analytics from diverse data sets and enables organisations to ask questions of all their data. It can be used to mitigate cyber security risk, improve performance, increase reliability and observe what is happening in the cloud. If a problem has data, then it's likely Splunk can help. For example, Splunk has been used to fight modern slavery, combat wildfires and help run international airports.

Splunk’s EMEA Headquarters is located in the UK, and we have two offices, in London and Reading. We provide solutions to organisations such as Porsche, Zoom, McLaren Racing, Intel, Coca-Cola as well as the UK Government. In the UK Public Sector, Splunk is used in many different use cases including cyber security, IT and business operations.

Why Does the Public Sector Need Splunk?

Public sector, industry and our citizens are moving into a new data age. To quote the recent Declaration on Government Reform:

‘We will put data at the heart of our decision making, learning explicitly from the approach we have taken in responding to COVID-19...We will make data visualisation a common tool to ensure Ministers and officials understand in real time the latest evidence underpinning decisions’.

This means that, as citizen demand for digital-enabled services increases, the public sector will need to be more curious and creative with its data and utilise platforms that enable it to bring data to every question, decision and action.

What Does Splunk Do?

The Splunk platform provides insights from data generated by digital systems. Digital data is typically ‘messy’ in nature, meaning it is sometimes structured and easy to find, but very often it is unstructured, in silos and machine-readable only. This data contains a comprehensive, authoritative record of operations, interactions, and transactions. But typically this data is ignored and untapped and is in effect dark data, meaning that we could be missing an opportunity to turn this data into positive outcomes or to use it for multiple other purposes.

If data sets are combined together, tangible value and outcomes can be delivered and this is what Splunk allows you to do. You can bring data of any structure, any source and any time scale together and turn it into insights and actions. Splunk allows you to investigate, monitor, analyse and act on data and put this data at the heart of government decision making.

The Splunk Portfolio

Splunk consists of three components: 

  1. The Splunk Platform. A broad set of configurable and extensible capabilities that can acquire and manage data and deliver insights from virtually any technology source. Splunk is currently offered as conventional software or as a cloud platform.
  2. Splunk Products. Application offerings that leverage the Splunk Platform to provide deep, pre-built capabilities for Security, IT Operations, DevOps and Service Observability. 
  3. Ecosystem Solutions (Splunkbase). Content built by Splunk itself, partners, and customers that configures and extends the Splunk Platform and Splunk Solutions. The Splunkbase library has 1000+ applications and add-ons delivering a diverse range of functions and solutions from companies such as AWS, Google and Microsoft, but also from a significant number of SMEs. 

You are not ‘locked in’ with Splunk: it can work with other systems and technologies and be a critical component of an organisation's data strategy.

This portfolio offers data-driven capability to Government Departments such as:

  • Cloud deployment: The Splunk Software as a Service (SaaS) cloud offering is deployed and managed reliably as a service hosted with well-established cloud providers such as AWS and Google, both of which can be hosted in a UK Region. This can be achieved in a public cloud environment or through a hybrid approach that spans cloud and on-premise environments. Splunk is also flexible: it can be deployed in one cloud environment and observe another even if hosted by a different cloud service provider.
  • Reducing costs and creating better outcomes for government: Through reducing data duplication, scaling investments across multiple functions and use cases, and enabling greater collaboration, common visibility, and tighter alignment across functions. 
  • Overcoming organisational and technology complexity and data growth: The scalability, flexibility, and power of the Splunk Platform enables complete solutions for very large and complex technology infrastructures and is proven across thousands of customers to be capable of ingesting and analysing petabytes of data per day.
  • Operating and making decisions in real-time: Splunk allows the combination of real-time data stream observation and analytical processing with near-real time processing of large, complex structured and unstructured data sets collected over long time periods. Together these capabilities provide support for a broad range of use cases, including historical data analytics, forensic investigation, and real-time monitoring.

Much more detail on our products can be found via our website.

Examples of Splunk’s alignment to government policy and needs



UK National Data Strategy (NDS)

Deployment of Splunk is directly relevant to the aim of the NDS to ‘transform the government's use of data’ and ‘ensure the security and reliance of data infrastructure’.  Splunk can help government become data-driven.

Declaration on Government Reform

Splunk can help government organisations deliver to point 9 of the reform agenda - ‘We will put data at the heart of decision making’. 

Cyber security

As a leader in the Security Information and Event Management (SIEM) and security operations market, Splunk can be deployed to improve a department’s security posture. Splunk also supports approaches such as Zero Trust, which enhances security posture by eliminating the sole reliance on perimeter-based protection. In effect, organisations decrease their reliance on network security, instead focusing on securing users, assets, and resources.

Improving citizen outcomes

By linking outcomes to data, it is possible with Splunk to automate specific processes and to be more proactive and analytical in the way a department operates and therefore improve citizen outcomes. 

Reducing fraud and error

Because of the ability of Splunk to process vast amounts of data in real-time, it is possible to use its capabilities to detect fraud and error and reduce the impact on the public purse. 

Increasing transparency

With its ability to ask any question of the data, Splunk can provide the government with the capability to be more transparent and better prepared to answer ‘any’ question. 

Addressing legacy

Splunk can provide insights into data in any environment. It generally does not matter what its structure, format, location or hosting environment is. Splunk does not rely on data lakes or data hubs being built, so questions can be asked of government data wherever and whatever it is.

Relevant Case Studies

The power of Splunk has been deployed in many different and innovative ways in Europe. Here are some relevant examples:

  • Porsche: Using Splunk to improve performance.
  • McLaren: Turning data into doing for McLaren Racing. 
  • Airbus: Using Splunk as a real-time monitoring platform for both IT and cyber security operations.
  • Dutch Court System: Using Splunk to meet organisational needs for support, information, and performance metrics.
  • London Gatwick Airport: Using Splunk to improve efficiency and lower costs.  
  • Derbyshire Fire & Rescue: Preventing security intrusions, quickly repairing system maintenance issues, and saving money.
  • John Lewis: Improving troubleshooting and faster resolution of issues, preventing revenue loss. 

Splunk Data Privacy, Security and Compliance

Splunk’s global privacy, security and compliance programmes are designed to meet our customers’ needs internationally and comply with global standards. Please see the following web page for more details on our security, privacy and compliance approaches

Social Value

Splunk’s social impact team called Splunk for Good transforms the connective power of data into a strategic asset for non-profits, universities, organisations, and people working to do good in the world. Through our expertise, tools, training, and personalised support, we help simplify, demystify, and utilise data to drive action for good.

A good example of where Splunk has provided social value across the world is with the Global Emancipation Network, where Splunk has helped reduce the impact of human trafficking by overcoming data silos and hard-to-access data.

Splunk is also working with TechVets in the UK to train recent Armed Forces leavers and to help them transition into cyber and technology careers. 

For more information, please contact

Posted by Gordon Morrison

I've tallied up 25+ years' experience in the UK public sector and spent the early part of my career as an engineer and scientist in the Ministry of Defence, but subsequently worked in technical and senior management roles in the UK tech industry, mainly on National Security, Cyber and Defence programmes.
