Splunk Enterprise Security

Splunk business questions

charlesukah22
Explorer

Hi Guys
I am working for a new client that wants me to develop a monthly report/dashboard for their business. I am trying to get a picture of their needs by asking them some BUSINESS questions on what will help make this report a reality. I am technical but I am trying to ask them strictly business questions regarding their request.
Here are some of the questions that I have in mind but I still need as many questions as possible:
• How many concurrent users will be pulling this report at a single instance?
• How many users will need access to this dashboard?
• How often is the data expected to change?
• How often would you like to receive this report? Daily, weekly etc.
Please send me as many business-related questions as possible.

Please keep in mind that these are questions to business people who have never heard about Splunk.

I will appreciate your help.

0 Karma

nickhills
Ultra Champion

Those are all sensible questions; however, with the reports & searches structured properly, most of the performance impacts of having such a report can be mitigated.

You don't state the nature of your client's business, but generally you can look at producing reports of number of orders/users, revenue won, cost of operations, service availability, recently opened tickets, stock levels, production line operating efficiency, number of customer service calls per day & average duration. The list could quite literally be endless.

I have anecdotally told management "the hardest thing to do with Splunk is think of the questions you want answered" - followed up by "now how you want to see it"

The fun part is figuring out how to calculate (and display) what they want.

If my comment helps, please give it a thumbs up!
0 Karma

charlesukah22
Explorer

Nickhillscpl
Thanks for your response. I appreciate it.

The nature of my client's business is all about security control of their system’s data and company’s information. They want to have a monthly report via dashboards that will show trends in their data. For example (identify people who have access to their data, who don’t have such access, how many failed logins etc…).
They want to compare their previous month’s report with the current month's report and see any changes in the activities.
Another plan is for us to help them automate their data collection process. Currently they have a manual process.
Hope this helps?

0 Karma

nickhills
Ultra Champion

Sounds like you have a pretty good grasp on what the report needs to contain. If you are comparing data month-month you might want to consider some summary indexing each month to roll up the last 30 days' data. This will make long-term trending much quicker to report on.

Good luck!

If my comment helps, please give it a thumbs up!
0 Karma

charlesukah22
Explorer

Thank you. Appreciate it

0 Karma