Need a Splunk transition plan from one team to another.

I am looking for assistance on developing a Splunk transition plan from one team to another. Timeframe should be within one month.
Rocky Cortez, Cyber Security Engineer, asked:

gheist commented:
Just pass the admin password from one team to another? Should not take less than a minute if they know each other's email.
giltjr commented:
To add just a bit to gheist's comment: documentation on the current environment. Things like:

What type of and how many Splunk servers you have (search heads, indexers, syslog forwarders).
Do you have more than one Splunk environment?
What type of daily/weekly/monthly/yearly maintenance functions are there?
What automated reports do you have?
Do you have Splunk doing alerting, and if so, on what?
How security is set up.
Current license limit.


You may want to have one of the new team members shadow one of the current members for a couple hours a day for a couple days a week.

I am assuming that there is some arrangement where the new team will be able to contact the old team if needed.
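As an added example, not part of any answer above: a small Python script that turns a savedsearches.conf into the "automated reports / alerts" inventory the list above asks the old team to document. It assumes the input is the text of a savedsearches.conf (or the merged stanza output of `splunk btool savedsearches list`); the sample conf below is constructed, not taken from a real deployment.

```python
import configparser

# Constructed sample savedsearches.conf for the handover inventory (not real data).
SAMPLE_SAVEDSEARCHES = """
[Daily Failed Logins Report]
search = index=wineventlog EventCode=4625 | stats count by user
cron_schedule = 0 6 * * *
enableSched = 1
alert_type = always
actions = email
action.email.to = soc-team@example.com

[Brute Force Alert]
search = index=wineventlog EventCode=4625 | stats count by src | where count > 50
cron_schedule = */15 * * * *
enableSched = 1
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.track = 1
actions = email
action.email.to = soc-oncall@example.com

[Ad-hoc Host Lookup]
search = index=main host=web01

[Legacy Disk Alert]
search = index=os sourcetype=df | where pct_used > 90
cron_schedule = 0 * * * *
enableSched = 1
alert_type = number of events
disabled = 1
"""

def parse_savedsearches(text):
    """Classify each saved search stanza as report, alert, unscheduled or disabled."""
    # Splunk .conf files are INI-like; interpolation is off because SPL may contain '%'.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case, e.g. enableSched
    cp.read_string(text)
    inventory = {"reports": [], "alerts": [], "unscheduled": [], "disabled": []}
    for name in cp.sections():
        s = cp[name]
        entry = {"name": name, "cron": s.get("cron_schedule", ""),
                 "actions": s.get("actions", ""), "recipients": s.get("action.email.to", "")}
        if s.get("disabled", "0") == "1":
            inventory["disabled"].append(entry)        # still on disk, worth listing
        elif s.get("enableSched", "0") != "1":
            inventory["unscheduled"].append(entry)     # saved but never runs on its own
        elif s.get("alert_type", "always") == "always":
            inventory["reports"].append(entry)         # scheduled report, no trigger condition
        else:
            inventory["alerts"].append(entry)          # scheduled search with a trigger condition
    return inventory
```

For a handover document, also capture who receives each alert (`recipients`), since mailboxes and on-call rotations change with the team.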
btan, Exec Consultant, commented:
Needs to minimally cover:
- Splunk FAQ: contains organisation-specific information for configuring and troubleshooting Splunk-related issues.
- Splunk architecture and setup documentation: provides helpful guidance for first-time or existing users for quickly setting up their Splunk license based on the recommended/tested design approved.
- Splunk license usage report view documentation: adopt the approach to manage consumption of your Splunk license.
- Splunk change management: provides the baseline security check regime, accounts based on roles, access rights matrix, applications installed and update regime, and system health checks (SNMP traps etc.). Include any form of audit report conducted.
- Splunk backup management: provides the long-term backup period for RPO, and also the interim archive period to sustain performance. Include recovery procedures.
- Splunk external interfaces to other systems (including SIEMs): provides all party agreements, scope of work, purpose and API support. Include any legal documentation as well.
- Splunk training and support SLA engagement: provides the expectation of onsite and online support as well as enhancement request fulfillment.
- Contact of Splunk helpdesk and account manager / backup: provides the second tier to assist and advise in times of trouble and doubt. You need to stand by as well, just in case. Include the incident response SOP.

Good to space out the knowledge transfer into "runs" with a key lead SME covering each item to the right delegates - fit for training. A demo will be good, but minimally the basic handover of the run-through must be conducted as the first priority.
