Splunk Lantern

Conducting environment discovery and server review on Splunk Enterprise

 

This article offers a checklist of tasks to assist self-service customers in conducting environment discovery and server review on Splunk Enterprise. This is one of many processes involved in Running a Splunk platform health check.

Objective 

Complete an architecture design review session

In-scope

  • Validate core Splunk system components and roles
  • Discuss instance types used to host Splunk (physical or virtual)
  • Validate server resources (CPU, disk, and memory) allocated
  • Validate storage configurations
  • Complete a use case discovery session
  • Implement health monitoring tools
  • Validate configuration settings relevant to the host operating system
  • Analyze core Splunk resource utilization for signs of resource exhaustion
  • Investigate Splunk system logs, errors, and warnings
  • Validate deployment server and client configuration
  • Validate Splunk Apps installed in the environment
  • Discuss any clustering, high availability, or disaster recovery capabilities used in the environment, including search head clustering, index clustering, or third-party synchronization of content

Out-of-scope

Modifications to any Splunk configurations

Task-specific assumptions

  • Current Splunk environment exists with no major changes planned while the health check is in progress
  • A subject matter expert is available to provide deployment and sizing details around the current Splunk environment
  • The person conducting this analysis has access to search the appropriate systems and data sources

Additional resources

Splunk Professional Services can assist with this or any other process involved in conducting a Splunk platform health check. Click here to learn more about working with Professional Services.