How Crowdsourcing is Shaping the Future of Splunk Best Practices

Splunk best practices are as widespread and diverse as machine data.

Splunk's mission is make machine data accessible, usable and valuable to everyone. The mission of Splunk's Product Best Practices team is to make Splunk software accessible, usable and valuable to everyone. We do this with best practices that maximize and accelerate the value customers get from Splunk software.

To rein in Splunk's widespread best practices, we needed a way to enable subject matter experts—whether they're customers, partners or employees—to consolidate, collaborate on, and vet best practices in one place. And for people seeking answers to request, find and ask follow-up questions in that same place.

Driving a top-down solution seemed logical, but we soon realized that would take too long and we'd never be able to include everyone, let alone drive consensus. Our solution had to be customer facing, searchable and living, and draw from a wide range of subject matter experts on a wide range of topics.

At scale.

Right now.

In short, we needed to crowdsource.

The Splunk Approach

The Splunk approach to data at scale is to ingest data from anywhere and be able to ask it any question at any time.

So we turned to Splunk's own crowdsourcing platform, Splunk Answers. Splunk Answers is like many company Q&A platforms, except, as one customer put it, "it's spiked with a passionate user community and a slew of qualified uber-Splunk ninjas—the SplunkTrust." So these discussions are really an opportunity for Splunk enthusiasts and experts alike to democratically collaborate on the best way to do things. Moderators keep things honest, and tags keep things organized.

This is the getting-data-in phase of the Splunk approach to best practices. Validated content on Splunk Answers becomes a persistent, living repository of wide-ranging best practices ready for immediate access. It also becomes a source for ongoing work inside Splunk to develop schemas that organize these best practices for specific paths.

How Crowdsourcing Splunk Best Practices Works

• We ask and answer our own questions. By asking our own questions, we strive to frame the value or "why" such a practice is of use beyond its technical merits.
• We tag posts with 'validated_best-practice'. Any Splunk Answers user can follow the tag to receive email notifications, ask questions, and add richness to the discussion.
• Moderators keep it real. Splunk Answers moderators help facilitate and move threads along.
• Best practices live and breathe. Content can grow and evolve. If a 'validated_best-practice' gets adopted in another place, such as Splunk docs, we link to the new content in the Splunk Answers thread.
• Enrichers earn karma points. If a you provide an enriching contribution or connect the dots among related posts to help us create a single, concise answer, you can earn Splunk Answers karma points.

Where YOU Come In

Crowdsourcing is no fun without a crowd! Follow the validated_best-practice tag to join in the conversation and receive email notifications when new content is posted.

1. Sign into Splunk Answers
2. Follow the tag validated_best-practice: Click + Follow to receive notifications about posts and changes to articles tagged validated_best-practice. Don't see + Follow? Try signing in!
3. Watch for emails from the Splunk Answers platform about new content and add your voice! Invite your colleagues to join, too!

We look forward to collaborating with you in our quest to make Splunk best practices centralized and validated!