Glossary of terms for Splunk App for Infrastructure

Splunk App for Infrastructure (SAI) basic components and feature descriptions include:

• Agent is the agent script which performs the following upon execution on the host machine/agent/entity:
  • Detects the operating system (for example, Ubuntu).
  • Based on the machine type, installs dependencies.
  • Updates collectd.conf with the necessary plugin.
  • Adds a custom plugin that sends data to SAI.
  • Starts the collectd service.
  • Runs collectd and establishes a data connection.

• Collectd is a system statistic collection daemon, see https://collectd.org/

• Dimension is a key/value pair used for troubleshooting, analysis, and filtering hosts, for example location:seattle or role:webserver. Dimension keys and values cannot begin with an underscore.

• Entity is the machine or host that has the data you want to forward to the SAI to monitor.

• Metrics is a set of measurements containing a timestamp, a metric name, a value, and a dimension. Metrics is a feature for system administrators and IT tools engineers that focuses on collecting, investigating, monitoring, and sharing metrics from your technology infrastructure, security systems, and business applications in real time.

• Status is the status for each entity is calculated by determining if data has been sent from the entity and is available for analysis in the last 60 seconds. An offset is set for this search to allow for time to index and store the metric measurements. If an entity sent data within the last 60 seconds, its status is Active. If an entity did not send data within the last 60 seconds, its status is Inactive. For Kubernetes objects, SAI gets status information from the Kubernetes API. For information about Kubernetes statuses, see Pod phase on the Kubernetes website. The status for Kubernetes nodes is set to disabled when the status of then node enters an unknown state.