Splunk® Success Framework

Splunk Success Framework Handbook

Download manual as PDF

Download topic as PDF

People best practices overview

The best practices in the people functional area focus on learning incentives and role-based access to features and data to empower users to get the most out of Splunk software. The people functional area ensures that everyone who uses Splunk has an education plan, and that they earn additional access and capabilities when they advance their knowledge and experience.

People best practices also ensure that each team has a safe workspace where they can experiment with new ideas and collaborate.

Follow these best practices according to the standard, intermediate, or advanced goals you have set.

Activities Standard) Intermediate Advanced

Processes to request and grant access to Splunk software from individuals or a team.

Accept ad-hoc requests (email, chat, voice)

Utilize the Request Workflow for Splunk app (see Ticketing/workflow system on Splunkbase)

Establish self-service automation that includes universal access


Criteria to determine the appropriate Splunk roles and capabilities to assign.

Utilize default roles

Develop custom roles that inherit capabilities hierarchically

Develop a team workspace app as the default app (see Workspace best practices)

Develop a welcome page to help users get started (see Welcome page best practices)

Everything outlined in standard

Use roles to separate access to data from capabilities (see Role-based data management best practices)


How Splunk software is configured to satisfy an incoming access request.

Utilize native Splunk Enterprise authentication

Leverage an external directory system such as LDAP or SSO

Use only an external directory system


Processes for the requestor to communicate and validate that their access request has been fulfilled.

Requester validates completed work

Requester validates work in progress

Requester validates work in real-time


Processes to update user and team access needs and remove users or teams when they no longer need access to Splunk software.

Utilize an IT-defined process for removing an account

Everything outlined in standard

Manage and reassign orphaned objects

Same as intermediate


Practices in place to empower end users to increase their Splunk skills and role capabilities.

Use panels in your Welcome page to direct users to relevant documentation (see Welcome page best practices)

Everything outlined in standard

Establish Splunk education paths by role

Encourage users to set up their own Splunk sandbox (see Sandbox best practices)

Establish an incentive-based access plan (see User enablement best practices)

Everything outlined in intermediate

Attend Splunk policy events

For guidelines about user enablement, see User enablement best practices.

Data best practices overview
Change management best practices for a Splunk deployment

This documentation applies to the following versions of Splunk® Success Framework: ssf

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters