Splunk Services Success Stories

Q-Splunk Services provides specialized consulting to help organizations optimize and enhance their Splunk environment, and we’re proud to share their success!

Federal Agency

Customer Scenario and Challenge:

The customer needed to gain operational insight into its entire hybrid IT infrastructure, including on-premises, containers, virtualized hardware, and cloud. It sought enhanced monitoring, alerting, and incident response capabilities across this complex environment.

Qmulos Solution:

Qmulos Splunk engineers implemented several Splunk apps and add-ons to streamline data ingestion and deliver visibility across the agency’s infrastructure:

  • Splunk Add-on for Windows and Splunk Add-on for Linux to collect metrics from Windows and Linux systems
  • Splunk Connect for Kubernetes for visibility into Kubernetes clusters
  • Splunk Add-on for VMware for virtual machine and hypervisor metrics
  • Splunk IT Essentials for out-of-the-box views, dashboards, reports, and alerts
  • Consulting and implementation services to accelerate time-to-value

The client gained immediate visibility, monitoring, and alerting for its hybrid infrastructure. The security operations center can now take actionable steps to identify, remediate, and reduce IT operations-related incidents.

Key benefits:
  • End-to-end visibility across 7-10 TB of data per day
  • Monitoring coverage increased from 10% to 95% of infrastructure
  • Improved incident response and issue resolution
  • Enhanced infrastructure optimization
  • Ability to add higher value services like ITSI in the future

Comments from Customer:

According to a Branch Director who worked closely with Qmulos’ engineer, “We didn’t have this kind of visibility before, and now that we have IT Essentials, we do. This is great! I can’t wait to gain more insight as we expand our use of Splunk.”

By leveraging Qmulos and Splunk, this customer gained the comprehensive visibility and tighter control it needs to fulfill its vital public health mission.

Health and Science University

Customer Scenario:

The data-heavy health and science field has innumerable use cases for Splunk, with Enterprise Security (ES) being commonly, though not always effectively, deployed. A Qmulos engineer set out to support a health and science university by reviewing the health of their ES application, and providing guidance on the best means of moving forward.

Specific Challenge:

This customer had a particularly large set of data for the size of the environment, with over twenty thousand universal forwarders spread across multiple data centers. They were only partially leveraging ES, with a lot of custom data parsing involved. The Qmulos engineer set out to find ways that the customer could better leverage ES and prime their environment for an eventual SOAR implementation.

Qmulos Solution:

A great deal of data hygiene efforts and teaching were required over the course of this short engagement. Some of the key accomplishments included:

  • Identifying over fifty specific, high-value correlation searches from the Use Case Library for implementation
  • Performing a significant amount of CIM normalization/mapping
  • Identifying several opportunities for growth and providing guidance for next steps beyond the engagement period

Beyond the real-time technical achievements, the customer also gained knowledge from the engagement. They came to understand the benefit of leveraging Splunk Technical Add-ons, the value of data model acceleration, and the many user-friendly tools bundled into ES for improving security posture. Further, the customer came away with clearer direction for continued improvement and adoption of Splunk.

Comments:

As often happens, the team members who interacted with the Qmulos engineers wrapped the project up with appreciation for the dedication to the customer’s happiness, and a wish to work together again!

International Telecommunications Company

Customer Scenario and Challenge:

Qmulos engineers are pros at managing and tuning Splunk environments of any size. A large international telecommunications company leveraged the expertise of a Qmulos engineer to rein in an environment that had grown steadily over the years, without much of the necessary tuning along the way.

The particular issues the engineer was tasked with resolving included significant skipped search ratios, a large number of unhandled messages on the Enterprise Security Search Head, and other typical issues found with steady growth and lack of consistent tuning. For context, this customer had nearly a petabyte of searchable data, 700 unique monthly users, and 200 unique daily users. They were leveraging SplunkCloud with unclustered Core and Enterprise Security (ES) search heads.

Qmulos Solution:

To help this customer, the Qmulos consultant added the Extended Search Reporting Dashboard and showcased the many benefits of the Cloud Monitoring Console. The engineer reduced the skipped search ratio from over twenty percent to less than five percent during peak times. Additionally, he established an understanding of best practices for saved search scheduling to avoid complications, tuned a variety of process-heavy searches, dashboards, and accelerations, and resolved several data quality issues.

Comments from Customer:

Beyond those successes, the Qmulos engineer tutored the on-site team on best practices and provided guidance on how to move forward with proper, consistent checks and balances in place. The customer commented that “this teamwork proved to be extremely beneficial,” and that the engineer’s guidance will “help maintain optimal health going forward.”

Thanks to the technical acumen and mentor-like approach of Qmulos consultants, the customer was able to move forward with a better understanding of managing sustainable growth, monitoring common problems before they cause impact, following a standardized app and update review process, and better monitoring their data quality.
