TIPS & TRICKS

Shiny Splunk Cake

Splunk By Splunk December 27, 2011

It’s the season of shiny objects and there are a lot of them swirling around at Splunk–the newly announced Splunk Developer Platform, Splunk for Big Data, Splunk Storm, Splunk 4.3. I am a big fan of shiny objects, especially these. They are the icing that makes the cake. Icing without the cake is just… well, too sweet. So let’s make sure our cake is in good order.

Presenting a recipe for Splunk Cake…

…sort of. Have you ever wished for an enterprise deployment guide? I have. And it’s coming. Ever wondered if you’ve checked off all the major tasks for your Splunk implementation? Did you sometimes feel like you could use a map on your Splunk journey?

Here it is.

This is a general checklist of milestone tasks to tackle during the different phases of a Splunk deployment. It’s a bird’s eye view so there is plenty of detail and drill down best left to Splunk Documentation and discussion with your trusted Splunk adviser. It has, however, proven to be a simple and effective way to keep all the players on the team updated as we progress through the project. It’s not a replacement for a true project plan, but does outline the shape of a successful Splunk deployment when you simply don’t have the time or resources to create one.

The tasks list in rough chronological order from top to bottom/left to right, though some can be executed in parallel. Some of the tasks are iterative and some only need to be checked off once.

  • Infrastructure/Setup — One-time setup cost
  • Data On-Boarding — Ongoing, should be exercised as new data is added to Splunk
  • User On-Boarding — Ongoing, monthly workshops or quarterly training should be conducted for new users and as existing users progress
  • Care and Feeding — Ongoing, health checks should happen at least weekly, the more proactive the better

This map has been customized and used for live deployments. It’s easy for non-technical folks to follow and helps set the compass for often overlooked details like user on-boarding and maintenance. If you can check off all these items, then your Splunk cake is set, and you’re more than ready for the icing!

----------------------------------------------------
Thanks!
Vi Ly

Splunk
Posted by

Splunk