Customer

  • Large telecommunications company
  • Over $13 billion in revenue and 25,000 employees

Problem

  • High Splunk resource usage, caused by inefficient searches and data volumes
  • Executive team unable to gain operational visibility, as dashboards not working
  • Internal Splunk team committed to other projects and unable to address issues
  • Attempts to optimize bad searches had been tedious and time consuming

Solution

  • Performed a health assessment to identify issues 
  • Implemented performance tuning and other optimizations
  • Created new queries and modeled data to help summarize large data sets
  • Reworked several dashboards to optimize load times and performance

Result

  • Executives able to view dashboards that had been inaccessible for months
  • Increased operational visibility helps ensure key performance indicators are met
  • Significant improvement to Splunk environment health
  • Ability to add additional data sources to SIEM for greater security visibility