What's included in our Splunk Health Check?

Author: Becca Lambert
Release Date: 04/06/2024

A Splunk health check is a service offered free of charge to Splunk customers, you don’t need to be a Somerford customer, we are happy to help all Splunk users. The Health Check is a method of reviewing an organisation's current usage and implementation of Splunk and how it is developing over time, to provide peace of mind to the customer that everything within your splunk environment is acting as required.

Stage 1: The Pre-Requisite Call

We’ll start off with a pre-req(uistie) call. This is a really good way to introduce you to the technical engineer who will be performing the health check, and get an idea of what you can expect on the day of the health check. This can help us gain a better understanding of what your expectations are for Splunk and any potential issues you may be having. This will allow us to document and address these during the health check helping you gain maximum benefit. During the pre-req call we will also establish how best to complete the health check, whether this be via remote access, screen share or any other option you may prefer.

Stage 2: The Health Check Day

On the day of the health check, these are the current areas that we will be looking to check during our time in your environment:

Health Check Areas:

General Health and Usage of the Platform:
Are you noticing any performance issues? Are you getting the output of the system as expected? How often, and how many users are accessing the platform?

System and Data Governance:
Do you have a Target Operating model in place ? What type of access controls are you using?

• Architecture:
Is the architecture you currently have in place sufficient enough for your needs or any future plans to increase usage?

• Forwarding & Data On-boarding:
Are you using a deployment server to push config to your servers ? Are you forwarding your data correctly?

• Indexing:
Is the data balanced across indexers? Is the replication factor being met? What's the volume used for each of the indexes?

• Searching:
Are you using the right commands in your searches? Are your searches optimised?

• Dashboards:
Are base searches being used? Are the dashboards optimised? Are they still relevant?

• Splunk Monitoring:
What relevant monitoring is taking place? Is the monitoring console in place? Is there regular rebuilding of the forwarder management console?

• Administration

• Applications:
What applications are in use? Any redundant ones that can be removed?

• Support Requests:
Are you utilising the Somerford Support desk?

• Training:
Are there any areas of Splunk you would like further training on?

• Issues and Errors:
Any underlying issues in the environment?

Alongside these areas, we will also look at any future use cases you may want to implement any questions you may have regarding your environment.

Stage 3: Feedback

The third stage of a health check is the production of a written report from the engineer, which details your environment, any issues found and a recommendation on how best to fix these issues. This can then be combined with a follow up call with the engineer where they will go through the report with you and discuss the report on what was found and the recommended route forward for any improvements that need to be made.

Why should you have a Health Check?

It's always a good idea to conduct a health check before any major work on your Splunk environment, whether this be an upgrade or onboarding additional data sources. Just to make sure that everything is working as it should be, and that there are no major issues uncovered which may cause any issues or delays to the work being completed. It's also a good idea to have a health check as part of routine maintenance on your environment, as a method taking a deeper look at the goings on within your environment, so make sure that there's no underlying issues occurring, which may potentially be missed in routine daily checks within your Splunk Environment.

To learn more about Splunk Health Checks from Somerford Associates, you can download our dedicated datasheet on the topic here.

More Resources like this one:

Simplifying IoT Data Ingestion and Real-Time Monitoring with Splunk Edge Hub — The Somerford Podcast

Find out what Somerford can offer you -
Your Elite Splunk Professional Services Partner

Want to Request a Health Check?

Get in touch and we would be happy to support you!
Scroll to Top