
People management overview


The best practices in the people functional area focus on learning incentives and role-based access to features and data to empower users to get the most out of Splunk software. The people functional area ensures that everyone who uses Splunk has an education plan and that they earn additional access and capabilities when they advance their knowledge and experience. People best practices also ensure that each team has a safe workspace where they can experiment with new ideas and collaborate.

Follow these best practices according to the foundational, standard, intermediate, or advanced goals you have set.

Activities Foundational Standard Intermediate Advanced

Criteria to determine the appropriate Splunk roles and capabilities to assign.

Utilize default roles (see Staffing a Splunk deployment and Users and Roles)

Implement role-based access control (see Role-based access control (RBAC))

Develop custom roles that inherit capabilities hierarchically (see Manage role inheritance)

Develop a team workspace app as the default app (see Building user group workspaces)

Develop a welcome page to help users get started (see Setting up a welcome page)

Everything outlined in Standard

Incentivize user education with capabilities (see Enabling users with incentives)

Everything outlined in Intermediate

Use roles to separate access to data from capabilities (see Managing data based on role)

Use efficient workload management to reduce the total cost of ownership of the Splunk platform (see Implementing best practices for workload management)


How Splunk software is configured to satisfy an incoming access request.

Utilize native Splunk Enterprise authentication (see Set up native Splunk authentication)

Implement role-based access control (see Role-based access control (RBAC))

Leverage an external directory system such as LDAP or SSO (see Setup LDAP or Configure SSO with SAML)

Use only an external directory system (see Setup LDAP or Configure SSO with SAML)

Same as Intermediate



Processes to update user and team access needs and remove users or teams when they no longer need access to Splunk software.


Utilize an IT-defined process for removing an account (see Delete a user)

Everything outlined in Standard

Manage and reassign orphaned objects (see Manage orphaned knowledge objects)

Same as Intermediate


Practices in place to empower end users to increase their Splunk skills and role capabilities.

Use panels in your Welcome page to direct users to relevant documentation (see Setting up a welcome page)

Everything outlined in Foundational

Establish Splunk education paths by role (see Setting roles and responsibilities)

Everything outlined in Standard

Establish an incentive-based access plan (see Enabling users with incentives)

Everything outlined in Intermediate

Encourage users to set up their own Splunk sandbox (see Using a Splunk sandbox)