Splunk Lantern

Program management overview

The best practices in the program functional area include business alignment, operations, collaboration, use cases, and staffing, which enable you to realize maximum value from your Splunk deployment. A program manager generally drives these activities and manages interdependencies among the stakeholders.

Follow these best practices according to the foundational, standard, intermediate, or advanced goals you have set.

Activities Foundational Standard Intermediate Advanced
CHANGE CONTROL, MAINTENANCE, UPGRADES

Change management systems that include approval, tracking, and communication.

Establish a communication plan (see Establishing and communicating with your Splunk user community)

Everything outlined in Foundational

Establish a regular schedule for releasing updated Splunk content and software updates (see Supported version timelines)

Use Splunk web messages and banners to communicate information to the active user community (see Establishing and communicating with your Splunk user community)

Everything outlined in Standard

Service levels have been established and are maintained (see Establishing service levels)

A change management process is established (see Change management)

Everything outlined in Intermediate

Implement a source control system (see Change Management)

COMMUNITY MANAGEMENT

Practices to share standards and policies and ensure consistency among the Splunk user community.

Establish standards and policies (see Community best practices and Lantern best practices)

Establish naming conventions for indexes, apps, and source types (see Naming conventions)

Establish a program that fosters user development (see Enabling users with incentives)

Everything outlined in Foundational

Use roles to separate access to data from capabilities (see Managing data based on role)

Publish standards and policies (see Establishing and communicating with your Splunk user community)

Everything outlined in Standard

Validate user adoption and behavior (see Setting success metrics, Implementing best practices for workload management, Creating efficient searches and dashboards for cost reduction, Implementing search filters, and Limiting concurrent searches)

Enforce standards and policies (unique to your environment)

Everything outlined in Intermediate

Use Splunk software to monitor for configurations and knowledge objects that do not meet standards (see Monitor and organize knowledge objects)

COLLABORATION

Practices to share successes that inspire new ideas across different user communities and expose day-to-day wins to organization management.

Establish an informal or ad hoc community forum (see Establishing and communicating with your Splunk user community)

Follow other Splunk users on Splunk Answers (see answers.splunk.com)

Establish a central network location where users can save and access Splunk content (see Establishing and communicating with your Splunk user community)

Everything outlined in Foundational

Participate in local Splunk user groups (see user groups)

Attend local Splunk Live events (search for events)

Establish a stakeholder register (see Managing stakeholders)

Establish office hours for Splunk subject matter experts to consult with your Splunk user community (see Establishing and communicating with your Splunk user community)

Everything outlined in Standard

Publish a regular Splunk newsletter (see Establishing and communicating with your Splunk user community)

Everything outlined in Intermediate

Establish a Splunk community portal (see Establishing and communicating with your Splunk user community)

Attend the annual Splunk user conference (see the .conf website) and take education courses from the pre-conference training sessions and Splunk University (see Splunk University)

STAFFING

Practices to maintain staff skills and responsibilities and communicate regularly about responsibilities and assignments.

Establish and maintain a staff list with contact information (see Managing stakeholders)

Everything outlined in Foundational

Establish Splunk roles and responsibilities on your team (see Setting roles and responsibilities)

Everything outlined in Standard

Establish a staffing model (see Staffing a Splunk deployment)

Everything outlined in Intermediate

Establish a RACI (responsible, accountable, consulted, and informed) matrix as part of your staffing model (see Assigning responsibility for a Splunk deployment)

BUSINESS ALIGNMENT

Practices to ensure that your Splunk implementation stays on track with business goals.

A Splunk Implementation Charter has been defined and is periodically reviewed and revised (see Define a charter)

Align with stakeholders

Everything outlined in Foundational

Establish a stakeholder register (see Managing stakeholders)

Align with departments

Everything outlined in Standard

Hold regular stakeholder coordination meetings (see Managing stakeholders)

Align with business units

Everything outlined in Intermediate

Hold a regular quarterly business review (see Scheduling quarterly business reviews)

VALUE REALIZATION

Practices to unlock, discover, and demonstrate the value of your Splunk investment.

Establish a use case registry (see Use case registry)

Establish success metrics (see Setting success metrics)

Demonstrate value to users

Everything outlined in Foundational

Establish a log that measures the positive effect of Splunk use cases over time (see Use case registry)

Publish Splunk use case success stories (see Establishing and communicating with your Splunk user community)

Demonstrate value to departments

Everything outlined in Standard

Assess and optimize the input from data sources (see GDI - Getting Data In)

Establish dashboards that demonstrate use case effectiveness (see Use case registry)

Demonstrate value to business units

Everything outlined in Intermediate

Establish a showback plan and value realization cycle (see Showing the value of your Splunk deployment)