1. Home
  2. User Training

User Training

Your Role as a User

As a User, you are responsible for taking action on incidents that page you while you are on call.

Your Permissions as a User 

As a User, you have access to view and edit your own user information, view your on-call schedule, and the ability to take action on alerts. 

View all User Roles and Permissions!

Your Resources as a User

Knowledge Base: Splunk On-Call has an extensive knowledge base that is always a good place to start if you are unsure how something works or are in need of some tips! 

Contact Us: All users have the ability to reach out to Splunk On-Call support at any time with any questions!

1.  Live Chat: If you are logged into your Splunk On-Call instance, you will have the ability to Live Chat with the Splunk On-Call Support team.

2.  Splunk Support Portal: You can open a Splunk On-Call support case in the Splunk Support Portal:https://login.splunk.com/

If you are facing any issues when trying to contact us please have a look HERE!

Setting up your account

  1. Accept your email invitation 
  2. Create a username if one has not been created for you: Keep in mind that usernames cannot be changed. Please be sure to follow any naming conventions outlined by your account admins. 
  3. Add contact methods to your profile: Add the contact methods that you would like to be reached on (phone numbers, emails). For push notifications: First, download the mobile app and log in. Your device will then appear in your profile and you will be able to use push notifications.
  4. Set up your Personal Paging Policies: Your paging policy determines how Splunk On-Call notifies you of an incident. Include multiple steps and multiple notification types in your policy that increase in noise such as push to SMS to a phone call. NOTE: the last step of your paging policy will repeat until the incident is acknowledged. Quick video on Personal Paging Policies! 

    Best Practice Tip Your Primary Paging Policy should be the loudest and most attention-grabbing notification method. While your custom paging policy can be less aggressive for a configured period time that may not require such aggressive paging (i.e. during business hours).

    Best Practice Tip Include a phone call in the last step of your paging policy so that you are alerted in the noisiest way until you acknowledge the incident.

  5. Download Mobile App & Add Splunk On-Call to your contacts: Splunk On-Call can be easily added to your phone contacts from the mobile app. Just navigate to the Menu, Notifications, and select “Add Splunk On-Call to Contacts”. NOTE: if you need Splunk On-Call notifications to override “Do Not Disturb” please visit our mobile application articles for directions.
  6. View Your Schedule: Login to the mobile app and select the calendar icon at the bottom of the screen to see when you are on-call. From the Web UI,  Navigate to Teams >> “Your Team” >> On-Call Schedule. Quick video on viewing an On-call Schedule! 

    Best Practice Tip You can copy and paste your personal calendar .ics file to your favorite calendar tools such as Google or Outlook.

  7. Create a Scheduled Override: Heading out of town or have a scheduled absence where you will need on-call coverage? Create an override so someone can cover your shift for you. Quick video on Scheduled Overrides!
    • Mobile: From the home screen select “Create Override” and select the timezone and dates/times you need to be covered. NOTE: Another user will need to “take” the shift(s) from you before the shift is considered covered.
    • Web: Navigate to your team >> Scheduled Overrides >> Create an Override and select the timezone and dates/time you need to be covered. NOTE: Another user will need to “take” the shift(s) from you before the shift is considered covered
  8. Use the Manual Take On-Call feature for last-minute coverage: For unplanned absences (i.e. a doctor’s appointment), the take on-call button can be used to cover another user’s shift until they take it back or the shift ends. Quick video on Manual Takes!  
    • Mobile: 
      1. Navigate to the home screen
      2. Click “View All” below teammates currently On-Call
      3. Click the “Take shift” button
      4. You are now on call until the end of the user’s shift unless they take it back.
    • Web: 
      1. Navigate to the people pane
      2. Locate the user that needs last-minute coverage
      3. Select the user
      4. Click the “Take Shift” button
      5. You are now on call until the end of the user’s shift unless they take it back. 
  9. Take action on an incident you are paged for: There are several different actions you can take on an incident you are paged for. The various actions are described below: Quick video on incident actions on the Web UI & Mobile UI! 
    • Acknowledge: This will stop the incident from actively paging and continuing through the escalation policy. An acknowledgment signifies that you are aware of an incident and are taking action on it.
    • Resolve: Once the incident is resolved within the monitoring tool it can be resolved within Splunk On-Call. Once resolved any new alert of the same type will create a new incident.
    • Reroute: If the incident needs to be addressed by another user or directed to a different escalation policy the reroute option allows you to do this. 
    • Snooze: If the incident is not urgent and can wait before being address you can snooze it for a specified amount of time using the snooze option. The incident will page users again after the amount of time selected is up.
    • Add Responders/Conference Bridge: If more eyes are needed on an incident and/or a Conference Bridge is needed to troubleshoot the incident, you can click the Add Responders icon and send out a page to desired users or particular escalation policies.
    • Chat: Chat in the incident timeline to collaborate with teammates
      • use @ to notify specific users
      • use @@ to notify a specific team

User Onboarding Checklist

Updated on December 7, 2021

Was this article helpful?