We have an established Splunk Enterprise production environment that several departments use. Some people want to develop new searches, but are worried about disrupting the production environment. Do you have any best practices for setting up a safe test environment that feeds the production workflow?
A best practice for establishing a stable and reliable production Splunk environment is to set up a workflow that includes individual sandboxes for development and innovation, a lab environment for testing, and a safe push to production once things are ready.
Encouraging a healthy sandbox culture for your Splunk team ensures that your innovators have the latitude to try new things without disrupting what already works, or each other.
Note: This answer applies to Splunk Enterprise and Splunk Cloud.
A local sandbox is a safe place for you to innovate and develop new ideas. The best sandbox is a stand-alone instance used by one person. Everyone on your Splunk team should have their own sandbox so they feel safe to take risks and learn. With your own sandbox, you'll not be afraid to start over if you need to.
A lab environment is where you can test features before bringing them to production. A lab environment should mirror your production environment and have access controls that support your testers and safeguard your production environment.
Because Splunk Cloud is a SaaS service, you may not have access to anything but your production environment. Here is are a few ways to setup a sandbox or lab environment.
A best practice for establishing a stable and reliable production Splunk environment is to set up a workflow that includes individual sandboxes for development and innovation, a lab environment for testing, and a safe push to production once things are ready.
Encouraging a healthy sandbox culture for your Splunk team ensures that your innovators have the latitude to try new things without disrupting what already works, or each other.
Note: This answer applies to Splunk Enterprise and Splunk Cloud.
A local sandbox is a safe place for you to innovate and develop new ideas. The best sandbox is a stand-alone instance used by one person. Everyone on your Splunk team should have their own sandbox so they feel safe to take risks and learn. With your own sandbox, you'll not be afraid to start over if you need to.
A lab environment is where you can test features before bringing them to production. A lab environment should mirror your production environment and have access controls that support your testers and safeguard your production environment.
Because Splunk Cloud is a SaaS service, you may not have access to anything but your production environment. Here is are a few ways to setup a sandbox or lab environment.