Splunk Lantern

Conducting search activity and usage patterns audits on Splunk Enterprise

This article offers a checklist of tasks to assist self-service customers in conducting search activity and usage patterns audits on Splunk Enterprise. This is one of many processes involved in Running a Splunk platform health check.

Objective

Audit search performance and usage in the existing Splunk environment, and review the associated settings

In-scope

  • Concurrent ad-hoc and real-time search activity, including validation of search limit settings
  • Event type review
  • Search activity by user
  • Search execution times
  • Overlapping saved searches

Out-of-scope

Modifications to any Splunk configurations

Task-specific assumptions

  • The current Splunk environment exists, with no major changes planned while the health check is in progress
  • A subject matter expert is available to provide deployment and sizing details around the current Splunk environment
  • The person conducting this analysis has access to search the appropriate systems and data sources

Additional resources

Splunk Professional Services can assist with this or any other process involved in conducting a Splunk platform health check. Click here to learn more about working with Professional Services.