Preparing to Migrate to the Splunk Cloud Platform

Splunk, the primary centralized logging system used at the university, is about to get much better.

Migrating to the Splunk Cloud

If you already use Splunk, you know that University IT (UIT) has been maintaining and operating the NextGen Splunk environment to enhance our security controls, differentiate between operating system and application log files, and compile all log files into an easy-to-report format.

The current version of Splunk infrastructure has been on-prem for more than six years. Starting on March 18, 2024, we’ll be working with the Splunk Professional Services team to transition to the Splunk Cloud instance.

While we are working on these transition efforts, there will be NO impact on your team’s App/Server log ingestion to the on-prem instance.

Here’s what to expect

• Log retention in the Splunk Cloud will be for 12 months.
• On-prem logs will remain in a read-only mode for 18 months after the cutover date to Splunk Cloud. Historical logs from the on-prem instance will NOT be migrated to the Splunk Cloud instance.
• We will share the Splunk Cloud URL prior to the cutover. All the access controls currently in place for on-prem instances will be replicated for the Splunk Cloud instance.

Learn more

We will be working with the vendor to schedule training sessions to help you get more familiar with the Splunk Cloud. Please watch for an email with the Splunk Cloud go-live date that will be sent to the Splunk users email list and posted in the Slack #splunk channel under 'Stanford Communities of Practice.'

If you have questions or would like to use Splunk to collect and analyze data for your work, please submit a Help ticket.