The Gigamon App for Federated Search S3 is designed for customers who want pre-built dashboards, federated searches, and pipeline templates that provide deep visibility into security, operations, and compliance use cases while controlling Splunk ingest costs.
PCI Compliance Use Case
This app supports security, operations, and compliance use cases, with PCI compliance as one important example enabled by its tiered data strategy.
1. Send the necessary high-value data to the Splunk hot tier for immediate monitoring, detections, and operational dashboards.
2. Send the full JSON data stream to AWS S3 as the cold tier for lower-cost long-term retention.
3. Use Splunk Federated Search to query the data in S3 whenever audit, investigation, or compliance reporting is required.
How it helps
1. Hot tier for immediate visibility
The app keeps the most relevant PCI and security data in Splunk so teams can monitor in-scope environments, investigate active issues, and use pre-built dashboards without waiting on rehydration.
2. Cold tier for full-fidelity retention
The complete JSON data set is stored in AWS S3, allowing organizations to retain broader telemetry and historical evidence without sending everything into Splunk hot storage.
3. Reduced ingestion cost
By sending only the required data to Splunk and landing the full JSON feed in S3, the app helps reduce unnecessary ingest and supports a more cost-efficient retention model.
4. Federated access for compliance audits
When PCI audits, quarterly reviews, or historical investigations are required, teams can use Splunk Federated Search to access the retained JSON data in S3 directly from Splunk.
Example
For a PCI compliance deployment, an organization can send the most critical monitoring data to Splunk for day-to-day visibility while storing all JSON in AWS S3. This reduces ingest cost and preserves full-fidelity records. When an audit or compliance review happens, the retained data in S3 can be queried through Federated Search to support PCI reporting and investigation.
Categories
Network Device, Network Security