Splunk® Center of Excellence

Splunk Center of Excellence Handbook

Download manual as PDF

Download topic as PDF

In depth: Roles and responsibilities for the Splunk CoE

A Splunk CoE team is made up of roles that demonstrate different strengths and skills with Splunk software and within your general business. These roles reflect the business skills needed to fulfill the associated duties, and do not necessarily map directly to the Splunk platform default user roles. One person on your Splunk CoE team can fulfill more than one role. Splunk CoE roles and responsibilities are a good way to manage an incentive-based access model to encourage your user community to build and grow their Splunk software skills.


Splunk roles and responsibilities

The following table describes the Splunk CoE roles, their general focus, and the recommended minimum level of Splunk education required for that role. A Splunk CoE team member can have a higher level of Splunk software certification than is required for that role.

'Customer-facing' in this context means those in your Splunk user community who make use case requests of your Splunk CoE team.

Splunk role and responsibilities Required skills Recommended education requirements


  • Designs and optimizes Splunk platform architecture for large-scale and distributed deployments
  • Establishes best practices and development standards, and ensures that the team adopts them
  • Maintains a close partnership with Splunk on feature requests, upgrade planning, and product roadmap alignment
  • Experience with interconnected, heterogeneous systems
  • Strong understanding of industry standards and technologies


  • Develops and customizes Splunk apps and dashboards
  • Implements integration with external systems
  • Builds advanced visualizations
  • Basic web design
  • Scripting (such as Python or other)


  • Implements and maintains Splunk platform infrastructure and configuration
  • Undertakes day-to-day operational and user support
  • Executes new projects as well as data and user onboarding
  • Staffs help desk for Splunk platform system-related assistance
  • WIN or *nix systems administration
  • Networking background
  • Familiarity with common infrastructure technologies


  • Endorses and provides resources for the Splunk software investment
  • Brokers political alignment at the executive level
  • Strong business acumen
  • Management experience
  • Considered an 'influencer' at the organization
  • Actively engaged in promoting Splunk software as a solution, service, or strategy


  • Customizes queries
  • Promotes advanced searching, forensics, analytics
  • Effects creative solutions to complex problems
  • Staffs help desk for search-related assistance
  • Splunk Search Processing Language (SPL)
  • Splunk solution expert knowledge


  • Manages data onboarding and defining configurations
  • Performs data interpretation, classification, and enrichment
  • Builds data models
  • Manages knowledge objects (fields, extractions, tags, event types, lookups, workflow actions, aliases, macros, and so on)
  • Configures summary-based reports and data model acceleration
  • Experience with basic Splunk Search Processing Language (SPL)
  • Strong understanding of Splunk platform configuration, web UI and Common Information Model
  • Basic understanding of regular expressions


  • Manages the Splunk implementation team
  • Ensures Splunk implementation meets business requirements
  • Provides oversight on projects and cross-departmental initiatives
  • Spearheads communication to stakeholders
  • Facilitates maturity of the Splunk implementation team and user base through education programs
  • Strong business acumen
  • Management experience
  • Some project management
  • There should be only one program manager


  • Scopes project requirements
  • Manages project timelines
  • Communicates progress and risks to stakeholders
  • Bridges interactions between stakeholders and Splunk implementation team
  • Chief cat herder
  • Project management expertise
  • Excellent communication skills
  • Detailed knowledge of organizational and business process


  • Appreciates the value returned from Splunk analytics and reports
  • Consumes reports, dashboards, alerts, and other use case-related dashboards
  • May also include users who are Splunk Certified Power Users
  • Varying levels of technical competencies and experience with SPL
  • Can consume dashboards and alerts or write searches if inclined
  • Experience with web browsers

More resources

In depth: RACI responsibility assignment for the Splunk CoE
In depth: Role separation and data governance

This documentation applies to the following versions of Splunk® Center of Excellence: current

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters