Splunk: Request department use for Splunk


Question
1.  How do I request to use Splunk in my department?
2.  Who is responsible for keeping the membership up-to-date?
3.  What will OIT provide for my department?
 

Answer

1.  Submit a Help Request ticket with the following required information:
     1. Department Name
     2. Group Information:
          - NetID of the Technical Contact for the department
          - List of NetIDs for users who should have access to the Splunk Instance*

2.  This list will become a Grouper Group, and the technical contact will be responsible for keeping the membership up-to-date.

Please assemble this information into a ticket and assign it to Collaborative Services-OIT.

3.  OIT will provide the following per department:
     - 1x Splunk Search Head
     - 1x Splunk Indexer
     - 1G per day portion of the Duke License. More than 1G per day can be negotiated with the Security Department.
     - 30 days of log retention. For longer retention, the department will need to provide their own storage.

 

For further support beyond account creation, assign a ServiceNow ticket to Systems-UNIX-OIT.
Provide detailed information regarding the issue, the URL of the Splunk instance, and contact information.