fbpx

Why do companies use Conducive's Archiver for Splunk App?

Restore, Report and Archive - Is it right for you?

Step 1: Watch the video

Step 2: Take the Quiz and Schedule a Demo

play
Book a Demo

130 Clients and Counting

Case Studies

Restore Splunk Frozen Data

"We started off using Splunk's built-in mechanism to freeze/archive our compliance data. What we didn't realize at the time was how difficult it would be to restore that data. 

Our auditors requested that we go through an exercise to prove we could restore data for a specific time period across specific hosts. That's when we discovered we had millions of frozen archive files in the S3 archive. Because the entire archive was multiple terabytes of data, we we knew we didn't have enough disk space to restore all of it, which would have been the easy solution. Our goal was to restore the subset of frozen files requested by the auditors, but we calculated it would take at least 6 person-days to identify the files we needed to restore.

We started searching the web for a solution when we found Conducive and their Archiver for Splunk. Using Conducive's Archiver we were able to scan and catalog our existing archive, allowing us to restore the exact data requested by the auditors, all in less than 1 day.

We're now using the Archiver to both manage frozen data archiving, as well as using it to provide reports to the auditors and restore the data as requested. We can do all of this from a UI that lets us choose the date ranges, sourcetypes, indexes and hosts to restore. The entire process usually only takes a few minutes of time."

- National Retailer located in the Midwest

OLD WAY: Search through millions of files to find the frozen data you need to restore.

Directory of frozen data.

NEW WAY: Restore at the click of a button.

Use Conducive's Archiver to select the date range, source types, hosts and/or indexes to restore.

Click a button to restore.

- Government Agency

Archiving Made Simple - IRS Data Retention Requirements

"Due to our work with the IRS, we are required to store 7 years of transactional data for any system that even remotely touches the IRS transactions. With a 200GB license, this translates to about 255TB of uncompressed storage in 7 years. We wanted to store the data securely in the cloud, instead of on-premise. Secondarily, we were worried about restoring frozen data at this volume. We didn't think it would be easy to find the specific frozen folders that contain the hosts or sources requested by Auditors."

Auditor Report: Source Types and Hosts

"We started with the idea of using Splunk's built-in solution, but wanted a more comprehensive enterprise solution that includes compression, encryption and native cloud storage integration. After talking with a few Splunkers, we were introduced to Conducive and their Archiver for Splunk. Conducive's solution enabled us to easily manage our Splunk frozen/archived data."

After implementing the Archiver, we reduced our storage costs to about $4/TB/month, or a little over $1000 per month in 7 years - and this number is dropping because cloud storage costs are dropping. We're also able to easily provide reports to auditors and restore data with the click of the mouse."

Auditor Reporting

"Our internal policy requires that we store 6 years of data, and our Auditors have asked that we provide reports proving this data is available and submit to the occasional test to restore the data. We currently keep 18 months of storage accessible. We don't want to keep 6 years of accessible data on local disk, and we don't want to use Splunk's S2 implementation to move searchable data into the cloud. We'd prefer to compress and archive the data to keep the Auditors happy.

We found Conducive's Archiver for Splunk by searching the Spunk App Store (Splunk Base). Their solution gives us reporting and restoring, along with managed archiving in the cloud. Additionally we can compress and encrypt the data in transit and at rest.

Using Conducive's Archiver for Splunk, we are able to provide timely reports to our Auditors and restore data as requested.

We're now using the Archiver to both manage frozen data archiving, as well as using it to provide reports to the auditors and restore the data as requested. We can do all of this from a UI that lets us choose the date ranges, sourcetypes, indexes and hosts to restore. The entire process usually only takes a few minutes of time."

- Midsized Manufacturer based in the Midwest

Book a Demo

Features and Benefits

One click restore .

  • Restore frozen data based on time range, host, sourcetype and index.
  • Archiver retrieves selected data from storage with the click of a button.

Managed archival process

  • Ensures that your frozen data is properly archived.
  • Easily create reports for your auditors.

Reporting

  • Provide auditors with reports proving the data is archived/frozen.
  • Prove to Auditors that your data is restored.
  • Have a reporting solution ready when the Auditors ask.

4

Compress data to save storage space

  • Automatically compress data to about 20% of the original size.
  • Reduce storage costs.


Encryption.

  • Once the data leaves Splunk, it remains encrypted throughout the entire process
  • Encrypted at rest and in-flight.


Deduplicate data.

  • Deduplicate buckets from clustered indexers. (A clustered indexing configuration will contain multiple copies of buckets.)
  • Store only one copy of these buckets, saving you time and money


Cloud or on-premise storage

  • The Archiver integrates will all major cloud storage provides.
  • Or choose to store locally.
  • Storage costs as low as $ for TB per month.
Book a Demo

Questions and Answers

Why buy from you?
What makes you so special?

Conducive has been helping companies derive business value from their data since 2006. We have been been a Splunk partner since 2012. We are a technical company that understands business. Conducive is the only company providing an Enterprise Archiving Solution for Splunk.

Who are you guys, anyway?

Conducive has been in business since 2006. We are a Splunk Accredited PS Partner, a Splunk license reseller and technical software developers.

What happens if I wait?

You will be rushed to provide your auditor with reports and you'll struggle to restore your frozen data.

How much does it cost?

The price is based on a number of factors. Schedule a meeting with us so we can assess your situation.

Are there any long term contracts?

We require a minimum 3 year contract.

How do I present this to my team?

Tell your team how difficult it is to restore frozen data when you are faced with thousands or millions of frozen buckets, and tell them how the reporting will satisfy your auditor's requirements.

What does it integrate with?

The Archiver integrates with Splunk as well as all of the major cloud storage provides such as AWS and Google.

Book a Demo

The Team

Founder and CEO of Conducive

Architecting Splunk since 2012.

Solving business data issues since 1997.

Randy Hammelman​​​​

Certified Splunk Architect since 2012.

Co-author of Building Splunk Solutions .conf2015 edition.

Makes Splunk function optimally. 

Brian Schutz

Certified Splunk Architect since 2016.

Develops solutions for large companies with process and longevity in mind. 

Solves all of the problems in Splunk.

Andres Banuelos

​30 Day Money Back, No Questions Asked Guarantee!

100%

​Money Back Guarantee

star
star
star

​You are fully protected by our 30 day money back guarantee. If you are not satisfied with your purchase, for any reason at all, simply contact us within 30 days of purchase and our helpful support staff will promptly issue a refund.

Conducive Consulting, Inc.

3445 Executive Center Dr Ste 216

Austin, TX 78759

512-551-0660

Copyright Conducive Consulting Inc 2019. For our Privacy Policy, please email info@conduciveconsulting.com