Oil and Gas Industry: Splunk Project Case Study

 

About the company

This is a natural gas and oil exploration and production company jointly owned by Shell Oil Company and ExxonMobil. It is one of California’s largest oil and natural gas producers, with an approximate revenue of over $2 billion in 2015. The company produces approximately 126,300 barrels of oil and 32 million cubic feet of natural gas each day. It has provided oil and natural gas reserves equivalent to approximately 536 million barrels of oil. Finally, the company produces nearly 25 percent of California’s oil and natural gas.

Challenges

This organization was using a version of Splunk that the vendor did not recommend, because its IT staff lacked the expertise and the company had no proper timeline in place for upgrading the existing Splunk system. They initially used Splunk as a monitoring tool and security model. To use the model, however, they had to normalize the data properly to prevent redundancy and to improve data integrity.

They didn’t use the Common Information Model (CIM) standard, which ensures that all of the data sources have proper source types, that is, a defined data structure for each event. For the IT staff, CIM is important for the indexing process as well as for compliance-based issues. In addition, data retention validation was needed to meet persistent data and records management policies covering both legal and business data archival requirements.

Assessment and solution

With its outdated Splunk application not meeting the vendor's recommended requirements, the company reached out to the project staff at PM2NET to evaluate its Splunk environment and to incorporate improvements. The scope involved the redesign of the Splunk environment, as well as remodeling and adding new systems. This involved running the protocol using expert PM2NET engineering recommendations and best practices.

PM2NET capacity planning is the process of determining the production capacity needed by an organization to meet changing demands for its products. In the context of capacity planning, design capacity is the maximum amount of work that an organization is capable of completing in a given period. PM2NET recommended that the old syslog servers be upgraded, as the old Splunk version did not have enough capacity. New syslog servers were built, along with new configurations based on best practices, which allowed the traffic from all network appliances to be redirected to the new syslog servers. A new firewall was also generated to help protect the new syslog servers. Finally, a key fix was adopting the CIM standard, which was incorporated to ensure security compliance.

Advantages

The new system was ready for future enhancement and bigger volumes. The data was normalized and updated with vendor-recommended source types, so it became usable by the search and CIM functionality. The CIM lets you normalize the customer’s data to match a common standard, using the same field names and event tags for equivalent events from different sources or vendors. It also gave individuals in different roles a good way to monitor these sources and gain insight into the data they need. Further, normalizing the data with Splunk-recommended source types supported industry compliance.

With the consultations and upgrades from PM2NET, the upgraded Splunk system met its potential as the best performance value and cost-saving tool for the customer, since it eliminated all duplicate data feeds. SAN storage was also used to keep warm or cold data, so old data would be available on demand in the event of a security recovery, effectively meeting the security guidelines. As a result of PM2NET's engineering efforts, the existing Splunk system advanced in capacity, incorporation of best practices, and compliance.