Platform management overview
The best practices in the platform functional area support the availability, scalability, and maintainability of your Splunk deployment. They help establish an optimized Splunk platform architecture and systems for continuity planning, capacity planning, and incident management.
Follow these best practices according to the standard, intermediate, or advanced goals you have set.
Activities | Standard | Intermediate | Advanced |
---|---|---|---|
EDUCATION: How the Splunk engineering team (not users) stays current on how to administer Splunk software. | Self education; Leverage Splunk Documentation; Leverage Splunk Answers | Everything outlined in standard; Splunk education paths by role; Establish sandboxes as a regular practice for development and innovation (see Using a Splunk sandbox) | Everything outlined in intermediate; Defined attendance policy for Splunk events |
ARCHITECTURE: Optimizations to your platform architecture that support performance and scale. | Deploy software using recommended system requirements; Set up a Splunk lab (see Setting up a lab environment) | Everything outlined in standard; Make use of the Splunk Validated Architectures (see Splunk Validated Architectures) | Everything outlined in intermediate; Deploy a Universal Forwarder as part of the standard OS build (see The Universal Forwarder in the Splunk Forwarder Manual) |
CONTINUITY PLANNING: Product features or other solutions that facilitate high availability or disaster recovery scenarios. | Set up data replication (see Data replication in the Splunk Managing Indexers and Clusters of Indexers manual); Set up a backup policy; Set up system snapshots (see System snapshots) OR virtual migrations | Everything outlined in standard; Set up search head clustering (see About search head clustering in the Splunk Distributed Search manual); Set up multi-site data replication (see Multisite indexer cluster deployment in the Managing Indexers and Clusters of Indexers manual); Generate backups of configuration and user knowledge objects (see Managing Backup and Restore processes) | Everything outlined in intermediate; Set up automated failover of the utility tier (see Preparing for Failures); Implement source control for configuration and user knowledge objects (see Managing backup and restore processes) |
SUPPORT AND INCIDENT MANAGEMENT: Procedures to track and mitigate issues with the Splunk deployment. | Email or vocal request | Implement a ticketing system | Everything outlined in intermediate; 24/7 live help desk; Splunk runbook |
CAPACITY MANAGEMENT: Practices for staying informed about resource usage and staying ahead of demand on the Splunk platform. | Use the Splunk monitoring console (see Monitoring console in the Monitoring Splunk Enterprise manual) | Everything outlined in standard; Develop linear usage projection | Everything outlined in intermediate; Discuss anticipated needs with stakeholders (see Managing Stakeholders) |