Log Analysis

Zoom logo

The log analysis service is responsible for collecting, indexing, correlating, and managing multiple streams of data owned by the University of Nebraska System.  Multiple systems and tools are used for this service.  The two primary tools are Splunk and Cortex Data Lake.

Splunk

NU maintains a Splunk Cloud instance to ingest and access multiple data sources. Splunk is a powerful data platform that enables NU to turn its machine-generated data into valuable insights and operational intelligence. Splunk helps businesses gain real-time visibility into their IT infrastructure, security systems, applications by collecting, analyzing, and visualizing data from various sources.  It facilitates informed decision-making, proactive issue resolution, and the identification of opportunities for optimization and growth.

Cortex Data Lake

NU maintains multiple Palo Alto Cortex Data Lakes to ingest, parse, and manage security logs from multiple systems.  These data lakes are resources which provide cloud-based, centralized log storage and aggregation for more than just the suite of Palo Alto licensed products.  Multiple log sources can be configured for ingest into the NU Cortex Data Lake.

SIEM

All of the collected logs are analyzed through us of a Security Information and Event Management (SIEM) system. The concept of a SIEM is to approach security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.

Benefits & Features

Splunk can be leveraged for the following features to enhance your operational requirements:

  • Dashboards
  • Alerts
  • Reports
  • Data Searches
  • Visualizations
    • Multiple options, see example below
  • Real Time Monitoring
  • Deep Analysis
  • Data Retention (up to 1+ year, depending upon legal requirements)

Additionally, Splunk can leverage add-ons & applications to enhance specific interactions and views of your data.  Splunkbase is an excellent resource to check app availability.

Cortex Data Lake can be leveraged for the following features:

  • Security log ingest & correlation with host devices / network connections
  • Security Alerts
  • Event monitoring and Incident Response
  • Dataset management

Getting Started

The first step in getting started is getting knowledge!

If you are a University of Nebraska employee or student worker, please consider starting your Splunk journey with the "Splunk Fundamentals" Bridge Course.

If you are not an NU employee or would like to deepen your knowledge of Splunk, please consider creating an account with Splunk STEP.  If you are an NU employee, please ensure at registration your company / organization field reads: "Board of Regents of the University of Nebraska"

Eligibility

Log Analysis service eligibility is limited to NU full and part time faculty, staff, and student workers.

All NU students are eligible to enroll in Splunk STEP which leverages the Splunk Academic Pledge.  This program offers free training and labs to students in academia through the STEP portal.

Pricing

Splunk Cloud is a third-party service purchased by the University of Nebraska.  There is no additional cost for employee access.  

Additional costs may apply to your department if requesting additional storage or retention beyond the established NU baseline.

Requirements

 

Options

 

Additional Information

Dashboards with multiple visualizations serve as an excellent method to dynamically visualize data and uncover trends or deviations.

Location

 

Availability/Hours

 

Support

For the most efficient support experience, please submit a ticket using the request form on this page. Alternatively, contact your campus Help Center location via email, by phone, or in person.

 
Splunk Request

Details

Service ID: 62
Created
Fri 12/22/23 9:08 AM
Modified
Fri 3/22/24 10:27 AM