More Data. Longer Retention. Lower Cost. Without Replacing Splunk.
Blog post from Imply
BTG Pactual, a global financial institution, faced challenges with its Splunk environment: increasing data volumes, retention requirements, and complex investigation needs were not adequately addressed by the existing infrastructure. To tackle these issues, the institution adopted Imply Lumi, a high-performance data layer designed to complement Splunk by aligning storage and compute resources with workload needs, rather than forcing all data into a single model. This strategic shift allowed BTG to ingest more data, extend retention from 90 days to a full year, and reduce costs per gigabyte by 60% without altering existing workflows or requiring new infrastructure. By separating detection and investigation workloads, with the former running on static compute and the latter on scalable elastic compute, BTG could access deeper historical data and conduct large-scale investigations more efficiently, all while maintaining the familiar Splunk interface for dashboards and queries. This approach highlights a broader industry trend in which security teams are rethinking infrastructure to better support the distinct needs of detection and investigation processes.