- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content


It's been a while since we implemented Splunk Enterprise, and user engagement has stalled a bit. We also have a lot of people who are new to Splunk. Do you have any recommendations for how we can engage more users and spin up new users on how to get more out of Splunk?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content


The Splunk Product Best Practices team provided this response. Read more about How Crowdsourcing is Shaping the Future of Splunk Best Practices.
Engaging your Splunk users and getting creative about what you can do to get more out of Splunk can be a fun problem to solve. A best practice for getting a community engaged is to create a community portal, as described in the Splunk Success Framework Handbook. Here are some more ideas you can try depending on what kind of support your user community needs.
Resources for Splunk basics
- Watch this Splunk Web Demo to see how the Splunk Search & Reporting App works to search data, create reports and dashboards, and set up alerts.
- For search basics, Use fields to retrieve events to find pairings in event data. See field extraction for more about how Splunk extracts fields from event data.
- Bookmark the Splunk Quick Reference Guide. The search command by category organizes possible commands by how they're used.
- Take your Search Processing Language (SPL) skills to the next level by learning more about less common commands.
- Learn how to optimize searches as your search strings grow longer and more advanced.
- Make your search results actionable by saving searches and transforming them into reports, dashboard panels, alerts, and event types to make it easy to analyze the results.
- Create scheduled alerts to search for events on a regular schedule or explore if commands like predict to help you shift from reactive, to proactive operational intelligence.
- Indulge in the Splunk How-To YouTube channel produced by Splunk Education, for topics like search, visualizations, machine learning, dashboards, Splunk APIs, server log indexing, security, and anything else you are interested in learning about.
See the following video for details about creating alerts and scheduled alerts.
Get a head start with Splunk apps and add-ons
Apps and add-ons provide ready-to-use functions to help organize and manage your data.
- Apps contain pre-built dashboards, reports, alerts and workflows, give power users in-depth data analysis, and empower business users with point-and-click analytics. Find apps compatible with Splunk Enterprise on Splunkbase. Post and share your app or explore hundreds of apps and add-ons from Splunk, our partners, and our community.
- Add-ons typically import and enrich data from any source and create a rich data set ready for direct analysis or use in an app. Use an add-on to extend Splunk Enterprise to meet your specific needs. For example, use apps to onboard data from hundreds of common sources, enrich data using other information sources, and to automatically select, identify, and tag fields.
Create use cases
Engage the users, and prospective users, by identifying their struggles that can be solved with Splunk. Follow the guidance of the Data onboarding best practices for a Splunk deployment, from the Splunk Success Framework manual, to create simple implementations such users can grow their Splunk usage from.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content


The Splunk Product Best Practices team provided this response. Read more about How Crowdsourcing is Shaping the Future of Splunk Best Practices.
Engaging your Splunk users and getting creative about what you can do to get more out of Splunk can be a fun problem to solve. A best practice for getting a community engaged is to create a community portal, as described in the Splunk Success Framework Handbook. Here are some more ideas you can try depending on what kind of support your user community needs.
Resources for Splunk basics
- Watch this Splunk Web Demo to see how the Splunk Search & Reporting App works to search data, create reports and dashboards, and set up alerts.
- For search basics, Use fields to retrieve events to find pairings in event data. See field extraction for more about how Splunk extracts fields from event data.
- Bookmark the Splunk Quick Reference Guide. The search command by category organizes possible commands by how they're used.
- Take your Search Processing Language (SPL) skills to the next level by learning more about less common commands.
- Learn how to optimize searches as your search strings grow longer and more advanced.
- Make your search results actionable by saving searches and transforming them into reports, dashboard panels, alerts, and event types to make it easy to analyze the results.
- Create scheduled alerts to search for events on a regular schedule or explore if commands like predict to help you shift from reactive, to proactive operational intelligence.
- Indulge in the Splunk How-To YouTube channel produced by Splunk Education, for topics like search, visualizations, machine learning, dashboards, Splunk APIs, server log indexing, security, and anything else you are interested in learning about.
See the following video for details about creating alerts and scheduled alerts.
Get a head start with Splunk apps and add-ons
Apps and add-ons provide ready-to-use functions to help organize and manage your data.
- Apps contain pre-built dashboards, reports, alerts and workflows, give power users in-depth data analysis, and empower business users with point-and-click analytics. Find apps compatible with Splunk Enterprise on Splunkbase. Post and share your app or explore hundreds of apps and add-ons from Splunk, our partners, and our community.
- Add-ons typically import and enrich data from any source and create a rich data set ready for direct analysis or use in an app. Use an add-on to extend Splunk Enterprise to meet your specific needs. For example, use apps to onboard data from hundreds of common sources, enrich data using other information sources, and to automatically select, identify, and tag fields.
Create use cases
Engage the users, and prospective users, by identifying their struggles that can be solved with Splunk. Follow the guidance of the Data onboarding best practices for a Splunk deployment, from the Splunk Success Framework manual, to create simple implementations such users can grow their Splunk usage from.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content


Added related video.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content


I've also added in the create "Create use cases" as inspired by @woodcock's comment.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

In addition to this I would add the Splunk education youtube channnel
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content


Thanks @gjanders! I've just added that to the post. Karma coming your way as a thank you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

Find pain-points and time-wasters in people's work lives and solve those usecases with Splunk.
