Content Pack for Monitoring Splunk as a Service

Content Pack for Monitoring Splunk as a Service

This documentation does not apply to the most recent version of Content Pack for Monitoring Splunk as a Service. For documentation on the most recent version, go to the latest release.

Release notes for the Content Pack for Monitoring Splunk as a Service

Version 2.0.1 of the Content Pack for Monitoring Splunk as a Service was released on January 5, 2021. The following sections explain the contents of the current and past releases.

Version 2.0.1

Some KPI base searches were missing from the previous version of the content pack. The following base searches were added in version 2.0.1:

  • SPLK-ES-Search_Head.Correlation_Searches
  • SPLK-Forwarder.Base_Search
  • SPLK-Forwarder.GUID
  • SPLK-Forwarder.Limits
  • SPLK-Indexer.Bucket_Count
  • SPLK-Indexer.FutureTime
  • SPLK-Indexer.HealthCheck
  • SPLK-Indexer.Indexed
  • SPLK-Indexer.Linebreaker
  • SPLK-Indexer.Parsing
  • SPLK-Indexer.Truncation
  • SPLK-Indexer_Cluster.Slow_Response
  • SPLK-ITSI-Index.Status
  • SPLK-ITSI-Internal_Searches
  • SPLK-ITSI-KPI_Performance
  • SPLK-ITSI-Log.Error_Warning
  • SPLK-ITSI-Refresh_Queue
  • SPLK-License-Index_Usage
  • SPLK-License-Indexer_Usage
  • SPLK-License-Sourcetype_Usage
  • SPLK-Search_Head.Base_Search.Scheduler

Known issues

Version 2.0.1 of the Content Pack for Monitoring Splunk as a Service has the following reported known issues. If no issues appear below, no issues have yet been reported.

Issue number Description
ITSI-20984 Content pack installed Base searches hit the 100 character limit.

Impacted KPI Base searches are the following:

  • SPLK-ES-Search_Head.Correlation_Searches
  • SPLK-Search_Head.Base_Search.Scheduler


Workaround:

  1. .Clone the KPI Base Search affected by this issue.
  2. Identify the Services that are consuming the KPI Base Search results by following the steps below:
    1. Go to ITSI > Configuration > KPI Base Searches
    2. Click on the KPI Base Search affected by this issue.
    3. Go to the Dependent KPIs section.
    4. Identify the list of KPIs and Services dependent on the KPI Base Searches from the list.
  3. Replace the KPI Base Search present in the Service with the Cloned KPI Base Search.

After following above steps, KPIs of the Service should be populated.

Version 2.0.0

The following table describes the contents of BACKUP-CP-SPLUNK-2.0.0.zip.

New feature or enhancement Description
ITSI services The following services that represent your Splunk deployment:
  • Splunk Deployment Server Instance Metrics
  • Splunk Deployment Server OS Metrics
  • Splunk Deployment Server
  • Splunk ES Metrics
  • Splunk ES Instance Metrics
  • Splunk ES OS Metrics
  • Splunk Enterprise Security
  • Splunk Forwarder
  • Splunk Heavy Forwarder Instance Metrics
  • Splunk Heavy Forwarder OS Metrics
  • Splunk Heavy Forwarder
  • Splunk Indexer Buckets
  • Splunk Indexer Cluster Manager Instance Metrics
  • Splunk Indexer Cluster Manager OS Metrics
  • Splunk Indexer Cluster Metrics
  • Splunk Indexer Cluster
  • Splunk Indexer Data
  • Splunk Indexer Index Metrics
  • Splunk Indexer Instance Metrics
  • Splunk Indexer OS Metrics
  • Splunk Indexer Queues
  • Splunk Indexer Search Metrics
  • Splunk Indexer Tier
  • Splunk ITSI Instance Metrics
  • Splunk ITSI Metrics Service
  • Splunk ITSI OS Metricss
  • Splunk ITSI
  • Splunk License Manager Instance Metrics
  • Splunk License Manager OS Metrics
  • Splunk License Metrics
  • Splunk License Tier
  • Splunk Management Console Instance Metrics
  • Splunk Management Console OS Metrics
  • Splunk Management Console
  • Splunk Search Head Cluster
  • Splunk Search Head Instance Metrics
  • Splunk Search Head OS Metrics
  • Splunk Search Head Users
  • Splunk Search Metrics
  • Splunk Search Tier
  • Splunk
Service templates The following service templates:
  • Splunk Instance Metrics Template
  • Splunk OS Metrics Template
KPI base searches The following KPI base searches:
  • SPLK-Indexer.Per_Host_Thruput
  • SPLK-Indexer.Per_Index_Thruput
  • SPLK-Indexer.Queues
  • SPLK-Indexer.Search_Metrics
  • SPLK-Search_Head.Usage
  • SPLK-SHC-Bundle_Errors
  • SPLK-SHC-Search_Head.HealthCheck
  • SPLK-Splunk.Installed_Apps
  • SPLK-Splunk.Introspection-Disk_Space
  • SPLK-Splunk.Introspection-IOstats
  • SPLK-Splunk.Introspection_CPU_Memory
  • SPLK-Splunk_Splunkd_Errors

Version 1.1.0

The following table describes the changes made in BACKUP-CP-SPLUNK-1.1.0.zip.

New feature or enhancement Description
Compatibility with ITSI version 4.4.4 Version 1.0.0 of this content pack didn't restore successfully on ITSI version 4.4.4. Version 1.1.0 fixes this compatibility issue.
Fixed the DA-ITSI-SOS:Indexer.Throughput KPI base search. Fixed DA-ITSI-SOS:Indexer.Throughput which produced incorrect results in version 1.0.0.


Version 1.0.0

The following table describes the contents of BACKUP-CP-SPLUNK-1.0.0.zip.

New feature or enhancement Description
ITSI services The following services that represent your Splunk deployment:
  • SPLK - Forwarder Tier
  • SPLK - Indexer Tier
  • SPLK - Splunk ITSI
  • SPLK - Splunk License Tier
  • SPLK - Splunk Search Tier
  • SPLK - Splunk Environment Health (for service tree organization)
  • SPLK - Splunk Premium Apps (for service tree organization)
Saved Service Analyzer view SPLK - Splunk Environment Health
KPI base searches The following KPI base searches:
  • DA-ITSI-SOS:Forwarder.GetCount
  • DA-ITSI-SOS:Indexer.IndexQueue
  • DA-ITSI-SOS:Indexer.ParsingQueue
  • DA-ITSI-SOS:Indexer.Throughput
  • DA-ITSI-SOS:OS-Performance.CPU
  • DA-ITSI-SOS:OS-Performance.Disk
  • DA-ITSI-SOS:OS-Performance.Memory
  • DA-ITSI-SOS:PremiumApp.ITSI.CollectedKPIs
  • DA-ITSI-SOS:PremiumApp.ITSI.InvalidKPIs
  • DA-ITSI-SOS:PremiumApp.ITSI.RefreshQueueErrors
  • DA-ITSI-SOS:PremiumApp.ITSI.RulesEngineSkippedEvents
  • DA-ITSI-SOS:Search.AverageRunTime
  • DA-ITSI-SOS:Search.ErrorsandWarnings
  • DA-ITSI-SOS:Search.SkippedSearches
  • DA-ITSI-SOS:Search.TotalSearches
  • DA-ITSI-SOS:Splunk.IndexProcessorHealth
  • DA-ITSI-SOS:Splunk.ProcessHealth

Additional resources

Last modified on 30 September, 2022
About the Content Pack for Monitoring Splunk as a Service   Install and configure the Content Pack for Monitoring Splunk as a Service

This documentation applies to the following versions of Content Pack for Monitoring Splunk as a Service: 2.0.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters