Getting data into Splunk, then directing Splunk on how to best understand that data can be tricky and time consuming if you are not trained in the art of Splunk. These Tips and Tricks are meant to help the Do-It-Yourself Splunker. For the rest of us whose task lists are running amok with projects due yesterday, there’s professional help.
Yes, there are plenty of avenues to get free help on Splunk:
* peruse the online manuals
* watch a video
* enroll in a Splunk training course
* call/email/submit a case with Splunk Support
* post questions to Splunk Forums
* pose questions to Splunk Answers
* gear up on best practices on the Splunk Wiki
* attend a Splunk Live event and bring your questions in person
* compliment your Splunk sales engineer 😉
Back to my point. In a fraction of the time required to take full advantage of the vast resources available (see above), hurdle the learning curve *and* deploy Splunk in your spare time, a Splunk Solution Architect can get you on your way to that next promotion. In the past 3 years, I have had the great privilege of working directly with many Splunk customers. The happiest customers are those who get up and running quickly with a Solution Architect.
Splunk Solution Architects are highly skilled in configuring, tuning and scaling Splunk. They have completed hundreds of Splunk engagements around the globe, some were probably done in your own backyard. Their experience integrating Splunk with home-grown/packaged technologies is unrivaled. They have seen all manner of architectures, and can balance best practices with project constraints and requirements. They could probably finish an implementation blind-folded with one hand.
Not only can they stand up an implementation of Splunk effectively, Solution Architects can provide guidance towards the most sensible architecture and system specs for your environment and needs. They can work with your team one-on-one to scope a deployment. They can customize Splunk by building searches, alerts, reports, dashboards. They can even fast track you from an older version of Splunk to the latest. Solution Architects have both deep product knowledge and the experience to build holistic solutions. While they are absolutely wonderful people who like to help, Splunk support engineers and sales engineers are transient, tactical resources. Engaging Splunk Professional Services is the most effective way to realize return on investing in a Splunk license.
If that doesn’t convince you, if I may, I’d like to tell you a story. I woke up one morning and could barely move my right hand. For months I lived with constant pain opening doors, combing my hair, trying to use scissors, even typing. I took the pain everywhere–to meetings, on the road, through airport security, on long walks. Early on, I consulted my sister the doctor and conferred with her doctor friends, who all told me to wear a wrist brace and simply stop using my hand for 3 months. At first, I saw it as an opportunity to become ambidextrous, and even enjoyed making up stories about how I was injured. After a few days, I grew weary of answering questions so I stopped wearing the wrist brace. The brace would go on or come off depending on how I felt about answering questions on any given day. The pain never went away.
For no less than 8 months, I hobbled along with a busted wrist, harvesting collective wisdom from well-meaning folks on carpel tunnel, massage therapy, acupuncture, X-rays, fractures. Then finally I went to visit a real doctor. The Professional asked me a series of questions. She pressed gently at various points on my wrist and asked about the type of pain produced. She reviewed the potential causes. Most importantly, The Professional told me to wear the wrist brace at night while asleep for 2 weeks. In only a few days, the pain had improved significantly. Two weeks later it was gone completely.
I could have saved myself months of pain, frustration, struggling, wondering what’s wrong, and believing all the free advice could stabilize it. Sound familiar?
Just give a Solution Architect a few days or better yet a week or more, and in return they will give you the keys to an intelligent and performant Splunk deployment. At which point, you can focus that laser intensity on solving problems for your business instead of wrestling with regex and wondering what goes where in which .conf file. Engage a professional and get better faster.