Splunk® Center of Excellence

Splunk Center of Excellence Handbook

Download manual as PDF

Download topic as PDF

User and Team Lifecycle

Activities in the User and Team Lifecycle service area enable and empower your Splunk community. This service area ensures that every individual within your community has an education plan, and that you grant additional capabilities only when they meet your education requirements. User and Team Lifecycle also ensures that each team has a safe workspace where they can experiment with new ideas and collaborate.

Activity matrix for User and Team Lifecycle

Build these activities into your implementation plan according to Good, Better, or Best depending on whether you are implementing Splunk software as a solution, a service, or a strategy.

Activities Good Better Best

Processes to request and grant access to Splunk software from individuals or a team.

Accept ad-hoc requests (email, chat, voice)

Utilize the Request Workflow for Splunk app (see Ticketing/workflow system on Splunkbase)

Establish self-service automation that includes universal access


Criteria to determine the appropriate Splunk capabilities and role to assign.

Utilize default roles

Develop custom roles that inherit capabilities hierarchically

Develop a team workspace app as the default app (see Apps as team workspaces for the Splunk CoE)

Develop a welcome page to help users get started (see Welcome pages for the Splunk CoE)

Everything achieved in Good

Use roles to separate access to data from capabilities (see In depth: Role separation and data governance)


How Splunk software is configured to satisfy an incoming access request.

Utilize native Splunk Enterprise authentication

Leverage an external directory system such as LDAP, SSO, and so on

Use only an external directory system


Processes for the requestor to communicate and validate that their access request has been fulfilled.

Requester validates completed work

Requester validates work in progress

Requester validates work in real-time


Processes to update user and team access needs and remove users or teams when they no longer need access to Splunk software.

Utilize an IT-defined process for removing an account

Everything achieved in Good

Manage and reassign orphaned objects

Same as Better


Practices in place to empower end users to increase their Splunk skills and role capabilities.

Use panels in your Welcome page to direct users to relevant documentation (see Welcome pages for the Splunk CoE)

Everything achieved in Good

Establish Splunk education paths by role

Encourage users to set up their own Splunk sandbox (see Sandboxing for the Splunk CoE)

Establish an incentive-based access plan (see User enablement for the Splunk CoE)

Everything achieved in Better

Attend Splunk policy events

For guidelines about user enablement, see In Depth: User enablement for the Splunk Center of Excellence.

Use Case and Data Lifecycle
In depth: Change management for the Splunk CoE

This documentation applies to the following versions of Splunk® Center of Excellence: current

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters