Splunk® Product Best Practices

Splunk Platform Best Practices

Download manual as PDF

Download topic as PDF

Best practices to start your journey with the Splunk platform

The best practices to start your journey with the Splunk platform help you start using the Splunk platform to achieve value and insights as quickly as possible. Each step in the journey includes a link to validated best practices on Splunk Answers. The best practices define concepts and provide context to understand the intricacies of the software. Each validated best practice topic includes a Things to do section to allow you to put those concepts into practice immediately.

Since the topics and corresponding best practices are listed in sequence, work through each topic in the order presented to expedite your learning.

A lot of the product information and best practices apply to both platforms. In cases where the information is different, either Spunk Enterprise or Splunk Cloud is specified in the reference.

Get started with the Splunk platform

When you begin using Splunk Enterprise or Splunk Cloud, start with understanding the key concepts and components of the Splunk platform. After your comfortable with the basics, use that base knowledge to create searches and dashboards.

Topic Best practices
Overview of the Splunk Platform See Splunk overview, introduction, and getting started resources? on Spunk Answers.
Key concepts See How do I get new users acquainted with the basic anatomy of how Splunk Enterprise works? on Spunk Answers.
Getting data in For Splunk Enterprise, see Where to find resources about getting data into Splunk? on Splunk Answers.

For Splunk Cloud, see Overview of data and getting data into Splunk Cloud? on Spunk Answers.

Searching See What are the basics for using the Splunk search interface? on Spunk Answers.
Knowledge Objects See What are knowledge objects, and what do I need to know about them? on Spunk Answers.
Searches and dashboards See Can I have an overview of how Splunk reports and dashboards work? on Spunk Answers.
Configuration files For Splunk Enterprise, see Can I use configuration files to extend the power of Splunk Enterprise? on Splunk Answers.

For Splunk Cloud, see Can I use field extractions and lookups to extend the power of Splunk Cloud? on Splunk Answers.

Learn and implement best practices

This section builds on the basics with in-depth information about concepts and components and how to use them. Use the following best practices to broaden your user base, monitor your system, build a sandbox for development teams, and learn best practices to optimize your system.

Topic Best practices
Configuration files and deployment server For Splunk Enterprise, see Can I use a deployment server to scale my Splunk Enterprise deployment? on Splunk Answers.

For Splunk Cloud, see Can I use forwarders to scale my Splunk Cloud deployment? on Splunk Answers.

Roles and governance See Can I get an overview of how Splunk permissions work? on Splunk Answers.
Index management and archive storage For Splunk Enterprise, see How many indexers do I need in my Splunk deployment? on Splunk Answers.

For Splunk Cloud, see Can I archive data in Splunk Cloud? on Splunk Answers.

Monitoring system health For Splunk Enterprise, see How do I get started monitoring system health on Splunk Enterprise? on Splunk Answers.

For Splunk Cloud, see How do I get started monitoring system health on Splunk Cloud? on Splunk Answers.

Sandboxes and production workflow See Any tips for setting up a production workflow that includes sandboxes, a test lab, and a production environment? on Splunk Answers.
Private Apps, version control For Splunk Enterprise, see What is Splunk Dev, and how do we use it to develop and share our own apps? on Splunk Answers.

For Splunk Cloud, see Working with custom apps in Splunk Cloud? on Splunk Answers.

Expand and scale your Splunk platform deployment

This section covers material to expand and scale the use of Splunk Enterprise and Splunk Cloud. Use the following best practices to troubleshoot and maintain your environment, plan for the future, and start building Splunk apps.

Topics Best practices
Capacity planning, troubleshooting, and health For Splunk Enterprise, see Capacity planning best practices for Splunk Enterprise? on Splunk Answers.

For Splunk Cloud, see How do I get started monitoring system health on Splunk Cloud? on Splunk Answers.

Search optimization For Splunk Enterprise, see Best practices for search optimization for Splunk Enterprise? on Splunk Answers.

For Splunk Cloud, see Best practices for search optimization for Splunk Cloud? on Splunk Answers.

PREVIOUS
How to use the Splunk platform best practices index
  NEXT
Best practices to deploy and administer the Splunk platform

This documentation applies to the following versions of Splunk® Product Best Practices: current


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters