Program management overview
The best practices in the program functional area include business alignment, operations, collaboration, use cases, and staffing, which enable you to realize maximum value from your Splunk deployment. A program manager generally drives these activities and manages interdependencies among the stakeholders.
Follow these best practices according to the foundational, standard, intermediate, or advanced goals you have set.
| Activities | Foundational | Standard | Intermediate | Advanced |
|---|---|---|---|---|
| CHANGE CONTROL, MAINTENANCE, UPGRADES
Change management systems that include approval, tracking, and communication. |
Establish a communication plan (see Establishing and communicating with your Splunk user community) |
Everything outlined in Foundational Establish a regular schedule for releasing updated Splunk content and software updates (see Supported version timelines) Splunk web messages and banners are utilized to communicate information with active user community (see Establishing and communicating with your Splunk user community) |
Everything outlined in Standard Service levels have been established and are maintained (see Estalishing service levels) A change management process is established (see Change management)
|
Everything outlined in Intermediate Implement a source control system (see Change Management) |
| COMMUNITY MANAGEMENT
Practices to share standards and policies and ensure consistency among the Splunk user community. |
Establish standards and policies (see Community best practices and Lantern best practices) Establish naming conventions for indexes, apps, and source types (see Naming conventions) Establish a program that fosters user development (see Enabling users with incentives) |
Everything outlined in Foundational Use roles to separate access to data from capabilities (see Managing data based on role) Publish standards and policies (see Establishing and communicating with your Splunk user community)
|
Everything outlined in Standard Validate user adoption and behavior (see Setting success metrics, Implementing best practices for workload management, Creating efficient searches and dashboards for cost reduction, Implementing search filters, and Limiting concurrent searches) Enforce standards and policies (unique to your environment) |
Everything outlined in Intermediate Use Splunk software to monitor for configurations and knowledge objects that do not meet standards (see Monitor and organize knowledge objects) |
| COLLABORATION
Practices to share successes that inspire new ideas across different user communities and expose day-to-day wins to organization management. |
Establish an informal or ad hoc community forum (see Establishing and communicating with your Splunk user community) Follow other Splunk users on Splunk Answers (see answers.splunk.com) Establish a central network location where users can save and access Splunk content (see Establishing and communicating with your Splunk user community) |
Everything outlined in Foundational Participate in local Splunk user groups (see user groups) Attend local Splunk Live events (search for events) Establish a stakeholder register (see Managing stakeholders) Establish office hours for Splunk subject matter experts to consult with your Splunk user community (see Establishing and communicating with your Splunk user community)
|
Everything outlined in Standard Publish a regular Splunk newsletter (see Establishing and communicating with your Splunk user community) |
Everything outlined in Intermediate Establish a Splunk community portal (see Establishing and communicating with your Splunk user community) Attend the annual Splunk user conference (see the .conf website) and take education courses from the pre-conference training sessions and Splunk University (see Splunk University) |
| STAFFING
Practices to maintain staff skills and responsibilities and communicate regularly about responsibilities and assignments. |
Establish and maintain a staff list with contact information (see Managing stakeholders) |
Everything outlined in Foundational Establish Splunk roles and responsibilities on your team (see Setting roles and responsibilities) |
Everything outlined in Standard Establish a staffing model (see Staffing a Splunk deployment) |
Everything outlined in Intermediate Establish a RACI (responsible, accountable, consulted and informed) matrix as part of your staffing model (see Assigning responsibility for a Splunk deployment) |
| BUSINESS ALIGNMENT
Practices to ensure that your Splunk implementation stays on track with business goals |
A Splunk Implementation Charter has been defined and is periodically reviewed and revised (see Define a charter) |
Align with stakeholders Everything outlined in Foundational Establish a stakeholder register (see Managing stakeholders) |
Align with departments Everything outlined in Standard Hold regular stakeholder coordination meetings (see Managing stakeholders) |
Align with business units Everything outlined in Intermediate Hold a regular quarterly business review (see Scheduling quarterly business reviews) |
| VALUE REALIZATION
Practices to unlock, discover, and demonstrate the value of your Splunk investment. |
Establish a use case registry (see Use case registry) Establish success metrics (see Setting success metrics) |
Demonstrate value to users Everything outlined in Foundational Establish a log that measures the positive effect of Splunk use cases over time (see Use case registry) Publish Splunk use case success stories (see Establishing and communicating with your Splunk user community)
|
Demonstrate value to departments Everything outlined in Standard Assess and optimize the input from data sources (see GDI - Getting Data In) Establish dashboards that demonstrate use case effectiveness (see Use case registry) |
Demonstrate value to business units Everything outlined in Intermediate Establish a showback plan and value realization cycle (see Showing the value of your Splunk deployment) |