Customer Story

Global Automotive Supplier Chooses Devo Over Splunk Cloud to Get Security Analysis Back on Track

At a Glance
  • Be scalable to immediately accommodate high-volume data bursts in the range of terabytes per day
  • A much simpler way to ingest, centrally consolidate, and manage data from multiple sources, with the ability to easily query all the data and obtain fast results

Industry: Automotive Supply

Location: Global

About The Global Automotive Supplier

A top global automotive supplier dropped Splunk Cloud in favor of LogLogic a few years ago due to high costs. But they became so fed up with LogLogic’s failure to deliver results they considered a return to Splunk Cloud.

While reevaluating Splunk Cloud, the team remembered how unhappy they were with the Splunk interface. So they expanded their search to include Devo. Another major issue they had with Splunk Cloud was how difficult—if not impossible—it was to search easily and quickly across multiple data sources.

Customer Quick Facts

Challenge

After dumping Splunk Cloud due to high costs and poor user interface and query performance, this top automotive supplier tried LogLogic, without success. It also was eager to improve its ability to centralize data collection from EMEA and Asia, and upgrade analysts’ ability to query the full data set. So, they gave Splunk Cloud another look, along with Humio and Devo.

Solution

Devo delivers the ability to ingest, store, and instantly query at least 400 days of hot historical data of any type in any location. Devo also gives analysts a user-friendly interface. This enables them to easily customize and execute queries and subqueries across multiple data sources using a single filter and get immediate results. The company’s data volume is expected to spike sharply from connected vehicles, and Devo showed it can handle tens of TBs of daily volume.

Requirements

  • Easy data analysis, with intuitive dashboards analysts can customize without professional services help
  • A much simpler way to ingest, centrally consolidate, and manage data from multiple sources, with the ability to easily query all the data and obtain fast results
  • Certified for deployment on all major cloud providers, e.g., AWS, Microsoft Azure, and Google Cloud Platform
  • Be scalable to immediately accommodate high-volume data bursts in the range of terabytes per day

Wanted: A Solution to Centrally Manage Global Data

A member of the Fortune Global 500, this North American automotive supplier with major facilities in EMEA and Asia had booted Splunk Cloud a couple of years ago due to its high costs.

Analysts were frustrated with how difficult it was to tie together all data sources, search across multiple sources, and obtain results quickly. First, the company replaced Splunk Cloud with LogLogic, but the effort was unsuccessful. Because the automotive supplier has major operations in EMEA and Asia, it needs to centrally manage, enrich, and analyze across the entire data set, even when it is stored in other locations, to comply with data sovereignty requirements.

This specific need, along with numerous LogLogic shortcomings, such as not being able to search by user name or hostname, raised concerns about compliance risks if the company couldn’t manage and search all of its global data. So they jettisoned LogLogic and began a new search, revisiting Splunk Cloud while also examining Devo.

Why Devo

Several critical capabilities made Devo attractive to the customer, including:

  • The ability to easily analyze data, using the built-in Activeboards to bring machine data to life with rich visuals, intuitive dashboards, and interactive capabilities
  • A much easier way to search across multiple data sources and support for use of subqueries, and searching by user name and hostname
  • Devo conducts queries via an easy-to-use graphical user interface, which appeals to casual users. More advanced users can use the Microsoft LINQ language, which is more widely known and easier to use than SPL
  • Designed ‘for the cloud’ with a multitenant architecture, Devo enables deployment in all major cloud providers—including Microsoft Azure, Amazon Web Services, and Google Cloud Platform—for maximum flexibility
  • The ability to easily scale, ingest, and manage large volumes of data (e.g., multiple terabytes), regardless of geographic location, into a single, centrally managed data source that could scale to more than 50TB per day
  • Because it doesn’t index data upon ingest, Devo delivers high parsing performance with all data available for immediate query
  • Devo combines at least 400 days of historical hot data with the most recent data, making ad hoc query results across the entire data set virtually instantaneous, compared to more than 24 hours for Splunk

How much can you save?

The Devo architecture yields increased performance and significant cost savings. Ready to see how much you can save?

Next Steps

Once this deployment is up and running, the customer will begin exploring Devo for IT Operations as well as collecting data from connected automobiles.