User enablement best practices for a Splunk deployment
User enablement is about motivating your users to learn and grow. When you provide an environment of incentive-driven access, you encourage users to explore and implement best practices, which adds value to the whole user community.
- Search expert
- Program manager
- Project manager
- User community
For more about these roles, see Roles best practices.
Guidelines for enabling users
To maximize user enablement, focus on these main principles:
- Incentive-driven user access
- User experience
- User roles and capabilities
- Don't be a "data butler"
- Users often want to skip the required education. If you are providing users with access and the information they need, this leaves them with little incentive to expand their own knowledge. Make sure users are motivated to learn best practices. This means limiting their access until they've completed certification and education.
- Encourage customer-facing groups to explore value-add activities
- Empowering users become capable of manipulating the data themselves leads to richer, dynamic insights that enables users to answer their own questions and make data-driven decisions.
- Require an education path prior to granting access
- Users can own and drive their own basic searching when they have established education paths and certification requirements. For recommended education requirements, see Roles best practices.
- Grant capabilities to advanced users only
- Grant capabilities only to users who qualify with your certification or education requirements. This means limited or no access until users have completed certification. Limiting access ensures that users are empowered to learn and implement their own best practices.
Guidelines for managing user experience
- Give each team their own app
- Create an app for each team and set this as the default in the navigation. Use the app as the team's dedicated workspace.
- Create a welcome page for each team
- Set up a welcome page for each team to improve the user onboarding experience and facilitate easy access to the resources they need. To create welcome pages, download the Welcome Page Creator from Splunkbase. For more information, see Welcome page best practices.
- Hide all other apps
- Remove read permissions for apps the user does not need, and to apps the user is not certified to use. As a general best practice, ensure that users are not distracted by other items deployed to the Splunk environment.
Guidelines for managing user roles and capabilities
- Split roles and capabilities
- Create roles based on data access and roles based on capabilities. This enables you to customize user access many ways without needing to create new roles. For more information about separating roles and access to capabilities, see Role-based data management best practices.
- Limit permissions
- Consider limiting permissions for features such as acceleration, scheduled searches, and real-time searches. If necessary, use search limits. Limiting permissions will optimize your search capacity. When granting capabilities, consider whether the feature you are granting access to could impact Splunk performance in a recurring way, such as scheduled searches, report acceleration, or searches that exceed the Splunk timeout limit.
Data onboarding best practices for a Splunk deployment
Lab environment best practices for a Splunk deployment
This documentation applies to the following versions of Splunk® Success Framework: ssf