Splunk on Splunk app
Splunk on Splunk (SoS) is an app that uses Splunk Enterprise diagnostic tools to analyze and troubleshoot your configuration. SoS contains views and tooling that allow you to do the following:
- View, search, and compare Splunk Enterprise configuration files.
- Detect and expose errors and anomalies in your installation, including inspection of crash logs.
- Measure indexing performance and expose event processing bottlenecks.
- View details of scheduler and user-driven search activity.
- Analyze Splunk Enterprise data volume metrics.
For information about installing and configuring the Splunk on Splunk app, see the Splunk on Splunk documentation.
How Splunk on Splunk differs from the Monitoring Console
The SoS app reached its end of life with version 6.3.0 of Splunk Enterprise. Its functionality is replaced and extended by the Monitoring Console, which is included with Splunk Enterprise versions 6.2.0 and later.
We recommend that you migrate from SoS to the Monitoring Console for Splunk Enterprise monitoring and introspection. Documentation on the SoS app continues to be published as a convenience for those who have chosen to use it, even though it is no longer supported.
|Feature|Splunk on Splunk|Monitoring Console|
|---|---|---|
|Acquired Via|Splunkbase|Ships with Splunk Enterprise|
|Install Location|Search Head|Non-production search head|
|Supports Single Instance|Yes|Yes|
|Data Sources|Splunk Logs, Scripted Inputs (counts against license)|Splunk Logs, Introspection (does not count against license), REST|
|User Defined Grouping|No|Yes|
|Topology - Server Roles|Search Heads, Indexers, Forwarders|Search Heads, Indexers, Custom Groups|
|Topology - Node Detail|Yes|Yes|
|Topology - Overlay|Status, CPU, Memory|Status, CPU, Memory, Search Count, Indexing Rate|
|Topology - Node Relationship|No|Yes|
|Configuration File Viewer|Yes|No|
|Security Health Check|Yes|No|
|Warnings & Errors/Crashlog View|Yes|No|
|Resource Usage Views|Yes|Yes|
|Resource Usage - CPU/Memory by Splunk Instance|Yes|Yes|
|Resource Usage - CPU/Memory Deployment Views|No|Yes|
|Resource Usage - File Descriptor Usage|Yes|No|
|Forwarder Monitoring|No|Yes (6.3.0+)|
|HTTP Event Collector|No|Yes (6.4.0+)|
This documentation applies to the following versions of Splunk® Enterprise: 6.5.0, 6.5.1