Splunk® App for Infrastructure (Legacy)

Use Splunk App for Infrastructure

Glossary of terms for Splunk App for Infrastructure

Splunk App for Infrastructure (SAI) basic components and feature descriptions include:

  • Agent is the agent script which performs the following upon execution on the host machine/agent/entity:
    • Detects the operating system (for example, Ubuntu).
    • Based on the machine type, installs dependencies.
    • Updates collectd.conf with the necessary plugin.
    • Adds a custom plugin that sends data to SAI.
    • Starts the collectd service.
    • Runs collectd and establishes a data connection.
  • Dimension is a key/value pair used for troubleshooting, analysis, and filtering hosts, for example location:seattle or role:webserver. Dimension keys and values cannot begin with an underscore.
  • Entity is the machine or host that has the data you want to forward to the SAI to monitor.
  • Metrics is a set of measurements containing a timestamp, a metric name, a value, and a dimension. Metrics is a feature for system administrators and IT tools engineers that focuses on collecting, investigating, monitoring, and sharing metrics from your technology infrastructure, security systems, and business applications in real time.
  • Status is the status for each entity is calculated by determining if data has been sent from the entity and is available for analysis in the last 60 seconds. An offset is set for this search to allow for time to index and store the metric measurements. If an entity sent data within the last 60 seconds, its status is Active. If an entity did not send data within the last 60 seconds, its status is Inactive. For Kubernetes objects, SAI gets status information from the Kubernetes API. For information about Kubernetes statuses, see Pod phase on the Kubernetes website. The status for Kubernetes nodes is set to disabled when the status of then node enters an unknown state.
Last modified on 08 July, 2020
Using Groups in Splunk App for Infrastructure   Support for Splunk App for Infrastructure

This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 1.4.0, 1.4.1, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1 Cloud only, 2.2.0 Cloud only, 2.2.1, 2.2.3 Cloud only, 2.2.4, 2.2.5


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters