Overview
Splunk is Dartmouth’s centralized machine data platform, supporting a wide range of operational, security, and business needs. It collects, indexes, and analyzes real-time data from systems and applications across campus, transforming raw logs into meaningful insights and actions.
Splunk helps answer questions such as:
- What is happening in my system or application right now?
- How can I detect anomalies or failures before they impact service?
- How can I automate responses to known issues or security threats?
Mission Statement
Our mission is to promote a data platform that fosters actionable insights for security, operational alerting, automation, and analysis. We strive to deliver a reliable, extensible service that supports the Dartmouth IT community in turning data into insight and insight into action.
Onboarding Requirements
When requesting to send new data into Splunk, please provide:
- Hostname(s) or system(s) sending the data
- Expected log source type
- The index where data should be stored
- Estimated data volume (GB/day)
- Purpose of the data (e.g., monitoring, alerting, compliance, troubleshooting)
- Data classification (public, internal, restricted, etc.)
Actionable Data Requirement
All data onboarded should be actionable, meaning it:
- Supports alerting, monitoring, or forensic investigation
- Contributes to dashboards or automated workflows
- Has a clear purpose aligned with operational or security goals
Data without a clear use case or ownership may be rejected or flagged for review. The Information Security team is available to consult on use cases, indexing strategies, and dashboards to ensure your data is valuable from day one.
Support & Questions
The Information Security team, in partnership with ITC, manages Splunk infrastructure, onboarding, and data support.