Splunk® Center of Excellence

Splunk Center of Excellence Handbook

Download manual as PDF

Download topic as PDF

In depth: Change management for the Splunk CoE

Organizations must consider which changes in Splunk (Splunk changes) warrant change management oversight. Change management governs which users can enact changes and when changes warrant review by the change management board. The change management board allows your organization to monitor change which can lead to significant increases in stability with Splunk.

Change management is the process that governs the change life-cycle from the initial change request to the final deployment of the change. It may include identification, request, assessment, procurement, evaluation, authorization, development, testing, and deployment of changes. Change management is the end-to-end process for change.


Difference between change management and change control

Change management encompasses the entire change life-cycle, whereas change control is a sub-process, and can be a stand-alone process, within change management. Change control’s core focus is ensuring releases or deployments do not conflict with other production components. The level of risk is typically higher and often accepted.

Critical and time sensitive platform changes, such as a security patch, are often subjects that path through change control.


Use change management to govern all changes unless they are out of scope to ensure they follow these guidelines:

  • Documented and defined process to authorizing and deploying changes
  • Common and visible method for changes
  • Record of change to support platform heath and troubleshooting


Design a framework to provide both structure and flexibility. However, note that with flexibility comes the opportunity for an endless cycle of variations. Consider a moderate or limited approach that can quickly evolve through usage and experience such as:

  • Change in scope (what is in scope or out of scope?)
  • Change management process (what are the steps and activities?)
  • Change pathway definitions
  • Change management responsibility assignment matrix (RACI)
  • Splunk change scenario matrix

More resources

User and Team Lifecycle
In depth: Communication plan for the Splunk CoE

This documentation applies to the following versions of Splunk® Center of Excellence: current

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters