Splunk Staging & Security

 

Next Steps
Overview Embedded BI BIRT Integration KNIME Integration Splunk Integrations Cloud Dashboard Data Preparation

Wrangle, Index and Secure Data for Splunk Seamlessly

Splunk is a robust analytic tool for a variety of data sources. However, Splunk cannot ingest dark data in a comprehensive way, and it lacks the kinds of data-centric masking capabilities that compliance-minded BI/DW and data governance architects require. With IRI software and Splunk combinations like these, you can do a lot more:


  1. Index Splunk Immediately With Prepared and Protected Data

Using either the Splunk Universal Forwarder with IRI Voracity, or the IRI Voracity Data Munging and Masking App for Splunk, you can leverage the extremely fast data wrangling and de-identification capabilities of IRI Voracity and the visual analytics and actions you can take on that data with Splunk. Integrate, cleanse, and anonymize huge, raw data sets in a variety of formats and index them in Splunk immediately, through memory.

IRI app for Splunk


  1. Prepare Unstructured Data Sets for Splunk

The dark data discovery wizard in the IRI Workbench GUI can search and structure data in images, unstructured text files, and MS Office documents, email repositories, and .pdf, .rtf, and .xml files all at once. It can also discover forensic metadata about each data source with an element matching the user's search pattern(s).

The resulting flat file contains all the data (and optional metadata) results, which Splunk can index easily ... and even display in the same GUI with your data preparation and management activities:

Splunk output in IRI Workbench


  1. Protect Data for Splunk, With or Without Reversibility

Splunk has identified a number of data encryption scenarios, but it does not offer the format-preserving encryption of IRI FieldShield (available in the same GUI above or as part of a Voracity subscription) that maintains realism for data entering or referential integrity for data leaving. Use Splunk Universal Forwarder -- or the IRI app or add-on for Splunk -- with a FieldShield (or IRI RowGen test data synthesis) job to index this data into Splunk as it is masked (or generated).

Because IRI data masking functions are at the field level, they are more secure; if (unlike Splunk) an encryption key is disclosed, other fields with other keys or algorithms are still safe.


  1. Send IRI Data Security Software Logs to Splunk

In addition, all IRI static data masking products -- FieldShield, DarkShield, and CellShield EE -- can produce audit trail output suitable for Spunk Enterprise Security (ES) SIEM/ SOC environments. This includes the ability to create adaptive responses and Splunk Phantom playbooks to take direct action on the identified data.

See this press release for links to articles on how to display and act on data from IRI products like DarkShield in Splunk! Here is an example of Splunk ES visualizing DarkShield dark data search and masking logs: 

Splunk output in IRI Workbench
Share this page

Request More Information

Live Chat

* indicates a required field.
IRI does NOT share your information.

X

Try Voracity Free

Present and Prepare Data Seamlessly


Get Info See Demo