Splunk is a centralized tool for collecting and reporting on machine data, whether from servers, networking devices or application code. It keeps a remote copy of logs, which helps with compliance with the University's sensitive data policies. The largest user of the system is ITS, but we have begun taking on campus entities and are willing to continue doing so. Access to Splunk requires a campus IP address, whether wired, wireless or via VPN.
Technical staff in central IT and campus departments.
Ticket to ITS-MIDDLEWARE with technical contact name, description of intent, and anticipated log sizes per day.
Technical Support Contact Information
SLA Response Times
- Critical = 15 minutes, 24x7
- Important = 2 hours, 8-5 M-F
- General = 24 hours, 8-5 M-F
Service Metrics / Service Goal metrics
Splunk uptime - 99.9% (8.75 hours of downtime/year)
Tuesday/Thursday 6-8AM is the normal, planned maintenance window for system changes. Other dates are possible with advance notice and good reasoning. Notifications of such maintenance will follow CAB processing, and a pointed notification will be sent to all Splunk users.
SAI patching occurs Wednesday 3-5AM, but this should be transparent to end users because of our highly available architecture.
Hours Of Operation
Customer responsibilities in support of this agreement include:
- Customers will adequately test all upgrades to the application infrastructure.
- Customers agree to keep data collection agents (forwarders) patched and up-to-date.
- Customers will report any problems in a timely manner to minimize problem times.
- Customers will be vigilant about what data is logged to Splunk. Licensing is measured by daily log intake size, so we should log operational or security-related information only.
- Customers are responsible for their system configurations (inputs.conf in their system configuration).
- Customers will adhere to University IT Policies, Procedures and Guidelines.
Out of Scope