Sharing information in a global operation
You work in operations for a global mining company that has operational and IT environments all around the world. Here are some of the challenges you are faced with due to the size of your organization:
- Siloed tools, teams, and processes that cause delays
- Control rooms that are overwhelmed by alert noise, which limits the ability to measure progress against goals
The primary problem you want to solve for is how to get the right information to the right person at the right time.
Prerequisites
Software
How to use Splunk + Cisco integrated software for this use case
Due to the variety of hardware and software solutions involved in this use case, providing an exhaustive step-by-step guide for setting up all of these tools isn’t feasible in a single article. Instead, this article offers high-level overviews and practical examples, with links to more detailed documentation and support. We recommend using Splunk and Cisco Education resources to learn more about each product listed above. For personalized assistance, consider engaging with Splunk and Cisco Professional Services.
The next two sections provide an overview of what a real Cisco customer achieved through integrating all the products listed above:
Recommended solutions
Use the following Cisco technologies and their associated technical add-ons to send telemetry to the Splunk platform:
- Catalyst Center: Design network topologies, discover and provision devices, and enforce access control policies
- SD-WAN: Collect network and application performance data, network traffic data, security policy enforcement data, and more
- ThousandEyes: Collect network performance data, synthetic and end-user monitoring data, internet outage information, and endpoint user monitoring data
- ISE: Collect authentication, authorization, and user profile data across devices and networks
Splunk platform: Centralize telemetry from Cisco devices and software and correlate incident data, automated triage, and rapid domain access. Conduct deployment audits of everything on the network to know which are deployed and which are configured correctly.
Possible outcomes
- Faster resolution: ITSI and Catalyst Center telemetry in the Splunk platform can provide up to two times faster time to resolution. Additionally, ThousandEyes endpoint tests in Splunk Enterprise provide up to 40 percent faster WAN root-cause analysis.
- Better automation: Catalyst Center policy and SD-WAN automation can lead up to three times fewer manual network changes. Additionally, hardware and software lifecycle inventory planning can be automated. For example, what routers and switches are nearing the end of their lifespan or license has expired? Receive notifications so you can proactively change them out.
- Personalized IT: Single source of truth with customized dashboards and consolidated views for key personas, such as mine managers, NetOps, SecOps, risk & compliance staffers, and control room operators.
Additional resources
Now that you have an idea of how Splunk and Cisco products work together to improve your retail operations, watch the full .Conf25 Talk, Cisco + Splunk Product Integrations. In the talk, you'll see a more complete overview of Splunk and Cisco product integrations, more use cases, and an introduction to the Cisco Enterprise Networking for Splunk Platform.
In addition, you might find these Splunk resources helpful:
- Splunk Help: About the Splunk OT Intelligence App
- Cisco Documentation: Cisco ISE User Content, Release 3.5
- Cisco Documentation: Cisco Catalyst Center User Guide, Release 3.1.x
- Cisco Documentation: ThousandEyes Documentation
- Cisco Documentation: Cisco SD-WAN
- Splunkbase: List of Cisco-supported apps