Skip to main content
 
 
 
Splunk Lantern

Platform management overview

 

The best practices in the platform functional area support the availability, scalability, and maintainability of your Splunk deployment. They help establish an optimized Splunk platform architecture and systems for continuity planning, capacity planning, and incident management.

Follow these best practices according to the foundational, standard, intermediate, or advanced goals you have set.

Activities Foundational Standard Intermediate Advanced
EDUCATION

How the Splunk engineering team (not users) stays current on how to administer Splunk software.

Users are encouraged and given resources to self-educate (see Helpful links to Splunk resources)

Leverage Splunk Documentation

Leverage Splunk Answers

Everything outlined in Foundational

Splunk learning paths by role (see Setting roles and responsibilities)

Everything outlined in Standard

Establish sandboxes as a regular practice for development and innovation (see Using a Splunk sandbox)

Everything outlined in Intermediate

Splunk certification paths by role (see Setting roles and responsibilities)

ARCHITECTURE

Optimizations to your platform architecture that support performance and scale.

Deploy software using recommended system requirements (see Reference hardware)

Automate Splunk deployments (see Streamlining Splunk deployments: A guide to automation strategies)

Everything outlined in Foundational

Set up a Splunk lab (see Setting up a lab environment)

Everything outlined in Standard

Make use of the Splunk Validated Architectures 

Deploy environment for existing capacity and future growth (see Platform capacity considerations)

Define clear data retention policies (see Creating data retention policies)

Everything outlined in Intermediate

Deploy a Universal Forwarder as part of the standard OS build (see The universal forwarder)

CONTINUITY PLANNING

Product features or other solutions that facilitate high availability or disaster recovery scenarios.

Set up a backup policy (see Managing backup and restore processes)

Set up system snapshots (Refer to your server vendor infrastructure vendor for more information)

Everything outlined in Foundational

Set up data replication (see Data replication and Preparing for failures in the Splunk utility tier)

Set up search head clustering (see About search head clustering)

Everything outlined in Standard

Generate backups of configuration and user knowledge objects (see Managing backup and restore processes)

Set up automated failover of the utility tier (see Preparing for failures)

Everything outlined in Intermediate

Set up multi-site data replication (see Multisite indexer cluster deployment and Indexing and search architecture)

Implement source control for configuration and user knowledge objects (see Managing backup and restore processes)

SUPPORT AND INCIDENT MANAGEMENT

Procedures to track and mitigate issues with the Splunk deployment.

Process issue reporting via email or vocal request (see Establishing and communicating with your user community) Implement a ticketing system, or incorporate into existing ticketing system (see Proactive monitoring)

Everything outlined in Standard

Create Splunk runbooks to provide procedures for support to follow (unique to your environment)

Everything outlined in Intermediate

Set up a 24/7 live help desk (unique to your environment)

CAPACITY MANAGEMENT

Practices for staying informed about resource usage and staying ahead of demand on the Splunk platform.

Use the Splunk monitoring console (see Platform capacity considerations)

Learn how to correctly size your Splunk architecture (see Sizing your Splunk architecture)

Define clear data retention policies (see Creating data retention policies)

Everything outlined in Foundational

Develop linear usage projection to estimate growth (see Platform capacity considerations)

Everything outlined in Standard

Discuss anticipated growth needs with stakeholders (see Managing stakeholders)

Everything outlined in Intermediate