All Apps and Add-ons

Does anyone have planning resources on tests to run to ensure everything is working properly before deploying Splunk in our environment?

sreejith2k2
Explorer

We are planning to deploy Splunk in our environment of nearly 5,000 devices. As per the plan, there will be around 12 indexers and 6 Search heads.

Have any of you guys used any generic test plan to make sure that everything is working as per the need?

Also, what are the things we need to be tested - like what we need to test it under Unit testing, System test etc? It would be much appreciated if you can share some test plan for the same.

0 Karma

juvetm
Communicator

hi sreejikit2k2,
for the moment there no documentation on this planing resources . the only documentation we have for now is the capacity planning manual which is not interested on what you need i havelook every where on the internet i have not see some thing that can be interest on what you need
thanks

0 Karma

juvetm
Communicator

hi srejith2k2

i think Large enterprise can help
A large enterprise deployment handles functions across the enterprise, spanning
multiple data centers. These deployments might consist of:
-A large number of Splunk instances; for example, several dozen indexers
and as many as 10 search heads.
-Indexing volume ranging from 300GB to many TBs per day.
-Many thousands of forwarders.

-Updates handled by a separate configuration management tool, either a
stand-alone deployment server or a third party tool like Puppet or Chef.
-A large number of users, potentially numbering in the several hundreds.

0 Karma

sreejith2k2
Explorer

Once again thanks for your time juvetm.. I don't know whether i am confusing you... i am not looking for a deployment plan. I am looking for a proper test plan.

0 Karma

juvetm
Communicator

hi sreejikt2k2
what exactly are you doing i am waiting for reply if you are using deployment
i am waiting for reply

0 Karma

sreejith2k2
Explorer

Hi Juvetm, Currently there is no Splunk in our environment. We have created a test environment with forwarders, indexers and search heads. In our test phase, we are forwarding 3 syslog servers for indexing and testing whether the indexing is happening as expected (like host, source type etc). This are some basic things we are currently testing. In order for us to put the same configuration in the live, we have to have a test plan to make sure that everything is working fine as expected. This must include all possibilities that we are going to have in the live...
As far as I know, we can run certain queries to make sure that things are working. So I am just checking whether there is any standard template available.

0 Karma

santhireddy
New Member

hi sreejikt2k2,

Please let me know if you got any solution or template. Currently we are looking on this and didn't find any ways to move, if possible could you please share some insight.

Thanks in advance.

0 Karma

sreejith2k2
Explorer

I can give you some high level approach we have used.

We did only the Functionality testing

  1. Platform Connectivity -

Use ssh -v -p inorder to test the connectivity

Deployment server connectivity to Heavy FWD and Universal FWD (for UF, we have used few Windows and *nix machines
Connectivity between Indexers, SH and FWD's
Connectivity between Indexers and CM
Connectivity between Deployer and SH Clusters
Connectivity between staging server and Deployer
Connectivity between Indexers and License Master

  1. Role based access:

Check whether the users has permission (say, Network team can only access network indexes and they dont have admin access etc)

  1. Integration:

LDAP connectivity
Service now connectivity
Ticketing system connectivity to check whether the tickets are automatically raised for the alerts
DB connectivity
Qualys API connectivity
Cyber Threat Intelligence connectivity

  1. Data Management:

Cold storage on Indexers - check whether the indexes are moved from warm to cold storage

  1. Data Collection capability

A big piece of test work - Based on different sourcetypes whether the index time and search time extractions are done properly.

Note: you can do performance testing, UAT /OAT testing etc.

0 Karma

santhireddy
New Member

Thanks for your inputs and sharing.

0 Karma

juvetm
Communicator

hi hi srejith2k2
i think this documentation may help waiting to hear from you if this document can not help
http://docs.splunk.com/Documentation/Splunk/6.2.2/Deploy/Aboutdeploymentserver

0 Karma

sreejith2k2
Explorer

Thanks juvetm for your prompt response. We have already did the architecture design plan, which covered what you have told me.

We are currently looking for some test plans - system testing, performance testing, integration testing etc. I am looking for some documentation which will cover the testing plans. The testing team want to do all these testings before we put it in the production.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...