Customer Story

Pro Sports League Unlocks Power of All Machine Data Sources

The league replaced its open-source Graylog system to improve operations and meet data growth

Customer Solution Requirements
  • The ability to work with a wide range of IT and security infrastructure
  • The ability to ingest machine data in raw format from any source
  • The ability to smoothly handle performance peaks during games

Industry: Professional Sports

Location: North America

About this Pro Sports League

When one of North America’s major professional sports leagues realized that its existing open-source security analytics solution, Graylog, couldn’t scale to meet its growing needs, the league began scouting for a high-powered replacement.

The league’s head of IT and security saw this as an opportunity to bring in a solution that could leverage the massive volumes of machine data generated across the league from enterprise applications, game operations, broadcasting and merchandising.

Customer Quick Facts


This professional sports league needed to improve upon the performance of the opensource security operations solution it was using, while also fully leveraging all of its operational data.


The Devo Data Analytics Platform easily ingests all of the league’s data, to provide real-time insights that help improve operations and security.


  • Daily ingestion of up to 2TB of data from more than 100 sources
  • Unified collection of operations and security data for improved operations and security
  • Cost-effective data infrastructure well suited for peak demand during games and minimal usage at other times
  • Real-time insights into enterprise applications

Wanted: A Solution to Handle Diverse Data Types

Like most professional sports leagues, this organization doesn’t own the sites where franchise teams play their games. That’s why it’s critical the technology the league uses must be capable of working in diverse data environments, e.g., Checkpoint at one site, Palo Alto at the next, etc. It also must be able to scale up to handle the peak amounts of data generated during games.

Unlike most businesses, where network load is relatively consistent from day to day, a professional sports league operates on a vastly different schedule. When there are no games being played, the network load is relatively minimal. But at game time the league needs 100 percent capacity as game operations, broadcasting and related activities ramp up. Traffic levels spike 500 percent when the action begins, and that continues for the duration of each game. That’s why this pro sports league needed a no-compromise data architecture

Why Devo

Several critical capabilities made Devo attractive to the league, including:

  • The ability to work with a wide range of IT and security infrastructure
  • The ability to ingest machine data in raw format from any source
  • The ability to smoothly handle performance peaks during games

The Results

Devo gathers and centralizes up to 2TB of data each day for the league—from more than 100 data sources. Previously, 80 percent of the data the league collected for network and IT monitoring was also collected by the security team, using separate solutions, which added unnecessary cost and complexity.

Devo made it easy to unify all the data so the league could collect it once for use by analysts in various groups. This greatly enhances efficiency and responsiveness, as the same data is used for many use cases.

The league relies on Devo for logging, threat hunting, application monitoring, and network infrastructure monitoring. The
organization now collects 100 percent of its security-relevant data for security operations center (SOC) analysts to query. The
time to alert is measured in milliseconds, greatly improving the league’s security posture.

Next Steps

As the league continues to grow, it will work with Devo to identify innovative new ways to leverage its increasing volumes of data and use the insights gleaned to improve operations and security.