Welcome to Splunk!
What logs do you have? What you can look for will depend on what you have to work with.
You bought Splunk for a reason. Look for whatever satisfies that reason.
Look for whatever causes the on-call person to get woken up at night. Try to catch the problem before it has to be escalated to the on-call.
What keeps the CIO/CISO from sleeping at night (data breach, ransomware, etc.)? Look for evidence of that.