In this post, we’ll walk through the best places to find the proper assistance based on what is required. Several options are available for support, ranging from paid Splunk Support to documentation, Splunk Answers, and even Splunk Community Slack.
With many options available, knowing where to start can be confusing or intimidating. The table below is a good place to start and will cover many issues. If you have questions about something else that isn’t on the table reach out to the Splunk experts here at Kinney Group.
Splunk Support
Splunk Support is the paid solution to receive assistance. There are two options: Standard Support, which includes Priority Ticket (P1) 24/7 support, and Premium support which has 24/7 support for P1 and P2 tickets. For more details on the different support tiers, see https://www.splunk.com/en_us/customer-success/support-programs.html
If you have a P1 issue, use the phone number to call:
1(855) SPLUNKS or 1(855) 775.8657
US Public Sector: 1(855) 490.7327
Other lines: https://www.splunk.com/en_us/about-splunk/contact-us.html#customer-support
To open a ticket via the web, log into the Splunk Support Portal (www.splunk.com, click Support then Support Portal).
Advice: If this is a system issue, create and upload a Splunk diagnostics package attached to your ticket. See: https://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/Generateadiag
Advice: If you open a lower-tier ticket, use the other support methods listed here in addition to the ticket. You may well find a solution before support can.
Splunk Documentation
Splunk Documentation should be the primary source for feature information, examples on how to use Splunk, and debugging systems not at an emergency level outage. A whole series of documents are available for Splunk Enterprise, Splunk Cloud, and the premium solutions such as Splunk Enterprise Security, Splunk IT Service Intelligence, Splunk SOAR, and Splunk Observability Products.
The primary sites for Splunk Docs are:
Main Site to get to everything: https://docs.splunk.com/Documentation
Splunk Cloud Platform: https://docs.splunk.com/Documentation/SplunkCloud
Splunk Enterprise: https://docs.splunk.com/Documentation/Splunk
Splunk Enterprise Security: https://docs.splunk.com/Documentation/ES
Splunk IT Service Intelligence: https://docs.splunk.com/Documentation/ITSI
Advice: Pay attention to versions. If you are not running current, then change to the correct version.
When bookmarking links, replace the version numbers with the word latest. For Example: https://docs.splunk.com/Documentation/Splunk/latest/Installation/Whatsinthismanual
Individual Apps often have documentation of their own. Either reach them from the main Splunk Documentation Site, then select “more” under Apps and Add-ons, or follow links from the app listing on Splunk Base.
Advice: Splunk Release Notes exist for each version on https://docs.splunk.com/. Before upgrading, read the release notes before you get a surprise.
Splunk Answers
Splunk Answers is the long-time place where people in the Splunk community ask questions, and other users answer them. Splunk is blessed to have a vibrant user community that supports helping each other. Answers is a fantastic place for finding issues that others have experienced.
My favorite way to search answers is through your search engine of choice. Say I want to know details on how to transpose the results of a table (e.g., change the X and Y axis in a table).
Or we can get fancier and limit the search to the community website.
Always search for answers before asking, as there is a good chance an answer already exists for your question. Often, I find myself using multiple answers to craft my own solution for more complicated questions.
Advice: The people helping with answers are community members taking their personal time to help, so always be kind.
Splunk Community Slack
Splunk Community Slack is the best place for a quick question, a conversation where you need to go back and forth to get the answer, or to ask open-ended questions. Many technical experts are on Slack and are available to provide fast help.
Community Slack is available by signing up at http://splk.it/slack.
Community Slack uses channels to separate questions. Head to the first channel (Where Do I Ask), and someone will direct you.
Fast questions: For example, if you want to know how to add summary rows to the result of a search table, include (What you can for OPSEC purposes) from your search and ask the question.
Back-and-forth: Often, people know their questions will morph depending on the answers. “Can someone tell me about using X,” Then, based on that answer, there may be follow-up questions. That is much faster on Slack than doing so over on Splunk Answers.
My favorite questions are the Open-Ended questions. Slack is fantastic for this. “I need to do this activity. Does anyone have advice on how to do it?” It is excellent for floating ideas and asking if others have warnings about trying something.
Bonus: You’ll see me, @Michael Simko there in some channels asking questions and offering solutions.
Splunk User Groups
Splunk User Groups are the best way to meet fellow Splunk enthusiasts in your area. They often draw from local users, admins, consultants, and Splunk employees. There is something great about having local contacts, learning how others use the product, and working on unique use cases. Splunk is a diverse product, and the use cases are all-over.
To find your local user group, see: https://usergroups.splunk.com/
You don’t have to master Splunk by yourself in order to get the most value out of it. Small, day-to-day optimizations of your environment can make all the difference in how you understand and use the data in your Splunk environment to manage all the work on your plate.
Cue Atlas Assessment: Instantly see where your Splunk environment is excelling and opportunities for improvement. From download to results, the whole process takes less than 30 minutes using the link below:
