About the Splunk Technical Assessment App

Getting Started

The Splunk Technical Assessment application is used by Splunk Professional Services (PS) to assess the health and maturity of your Splunk deployment. With the data collected by the application, Splunk PS can recommend areas of improvement to ensure your Splunk deployment is running optimally and is ready to scale.

The STA application is broken into tasks by day of the engagement based on key areas of a deployment:

• Day 1 - Discovery
  
  This is the the first day of the engagement and focuses on introductions and requirement gathering for the following areas:
  
  
  • Environment discussion
  • Architecture review
  • Applications in use
  • User base and usage
  • Customer use cases
  
  
• Day 2 - Server Instance Configuration and Health
  
  Day 2 of the engagement is when the Splunk Technical Assessment application is installed. This day revolves around reviewing server performance and the configuration settings for each Splunk instance.
  
  
• Review of server level configurations
• System resource utilization
• Splunk instance configuration and consistency
• Review of installed applications and their function
• Splunk internal errors and messages


• Day 3 - Data Review
  
  Day 3 of the engagement focuses on reviewing data on-boarding best practices and to ensure the customer's current adheres to it. This day revolves around the following tasks:
  
  
  • Introduction to data on-boarding best practices presentation and whiteboard session
  • Index sizing and capacity planning session
  • Data feed and forwarder health review
  • Field extraction review and best practices
  
  
• Day 4 - Search Performance
  
  Day 4 of the technical assessment focuses on reviewing search performance and usage patterns. The top 10 under-performing searches will be optimized with the customer in accordance with Splunk best practices.
  
  
  • Review of data model acceleration completion
  • Overall search performance analysis and optimizations
  • Saved search inventory review
  
  
• Day 5 - Knowledge Objects/Security and Wrap-up
  
  Day 5 is the final day of the technical assessment and is a review of the security of the environment and RBAC. Time permitting, a dashboard best practices session will be held. At the end of the day, the consultant will perform a wrap-up meeting to identify the findings throughout the week.
  
  
  • Review roles and RBAC settings
  • Architecture diagram creation
  • Complete wrap-up meeting of the completed work