Splunk on Splunk®

Troubleshooting with Splunk on Splunk


NOTE: The Splunk on Splunk app reached its end of life with version 6.3.0 of Splunk Enterprise. Its functionality has been replaced by Distributed Management Console, which is included with Splunk Enterprise versions 6.2.0 and greater. Read About the Distributed Management Console.

About Splunk on Splunk

IMPORTANT: As of Splunk Enterprise 6.3, the S.o.S app is End of Life. Its functionality has been replaced and superseded by the Distributed Management Console, a feature that is included with Splunk Enterprise as of version 6.2.0. We recommend that you migrate from S.o.S to the DMC for all your Splunk monitoring and introspection needs.

Splunk on Splunk (S.o.S) is an app that uses Splunk diagnostic tools to analyze and troubleshoot a Splunk Enterprise installation. Use it to monitor the health of your installation and to diagnose any problems that arise.

Introduction to how S.o.S works

S.o.S searches data that is present on your Splunk Enterprise indexers and search heads. In most of the app's views, you can select whether to analyze the Splunk Enterprise search head or a search peer.

S.o.S contains views and tooling to:

  • View a graphical representation of your Splunk Enterprise deployment topology.
  • View, search, and compare Splunk Enterprise configuration files.
  • Examine memory and CPU statistics for Splunk Web, Splunk servers, and Splunk search processes.
  • Detect and expose errors and anomalies in your installation, including inspection of crash logs.
  • Review and analyze data inputs, including file monitor inputs.
  • Measure indexing performance and expose event processing bottlenecks.
  • View details of scheduler and user-driven search activity.
  • Analyze data volume metrics captured by Splunk Enterprise.
  • View details of a Splunk Enterprise cluster and troubleshoot index replication.

S.o.S users

Users of this app are Splunk Enterprise administrators.

S.o.S gives administrators visibility into their Splunk Enterprise deployment and helps them troubleshoot problems and anomalies. It allows an administrator to monitor usage levels and other performance metrics to assess activities such as indexing and searching.

The tools available with S.o.S are essential for performing root cause analysis of problems encountered with a Splunk Enterprise deployment and for fine-tuning its performance.

Get support for S.o.S

This documentation applies to the following versions of Splunk on Splunk®: 3.2, 3.2.1
