Splunk® Enterprise

Monitoring Splunk Enterprise


Splunk Enterprise version 6.x is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk.

DMC prerequisites

This topic is a step in the process of setting up the distributed management console (DMC) for either a Splunk Enterprise deployment or a single Splunk Enterprise instance. See About the Distributed Management Console in this manual.

By now you have decided which instance should host the DMC in your deployment. Before proceeding to Set cluster labels (for a deployment) or Configure DMC in standalone mode (for a single Splunk Enterprise instance), make sure you meet these prerequisites:

  • Have a functional Splunk Enterprise deployment. See Distributed Splunk Enterprise overview in the Distributed Deployment Manual.
  • Make sure that your deployment is healthy, that is, that all peers are up.
  • Make sure that each instance in the deployment (each search head, license master, and so on) has a unique server.conf serverName value and inputs.conf host value.
  • Platform instrumentation must be enabled for every Splunk Enterprise instance (except forwarders) that you intend to monitor. Every instance must meet the platform instrumentation system requirements:
    • Each node must be running Splunk Enterprise 6.1 or higher.
    • Platform instrumentation is supported for Windows, Linux, and Solaris.
  • Forward internal logs (both $SPLUNK_HOME/var/log/splunk and $SPLUNK_HOME/var/log/introspection) to indexers from all other instance types. See Best practice: Forward search head data in the Distributed Search Manual. Without this step, many dashboards will lack data. These other instance types include:
    • Search heads.
    • License masters.
    • Cluster masters.
    • Deployment servers.
  • The user setting up the distributed management console needs the admin_all_objects capability.

Dashboard version dependencies

The dashboards in the Distributed Management Console rely on data collected from Splunk Enterprise internal log files and endpoints. Much of the data comes from platform instrumentation, which was introduced in Splunk Enterprise version 6.1. In addition, platform instrumentation has been enhanced in subsequent releases. The following table summarizes which quantities were introduced in which version.

The instances that you monitor in the console must meet these version requirements, or the related dashboard panels will appear blank.

Dashboard | Panel | System requirement
All dashboards | Most panels | Splunk Enterprise 6.1
KV store dashboards | All panels | Splunk Enterprise 6.2.0 (which introduced the feature)
Search head clustering dashboards | All panels | Splunk Enterprise 6.2.0
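
A pre-flight check for the uniqueness prerequisite and the version requirements above, as an added example that is not part of the Splunk documentation. The instance names and inventory layout are hypothetical, and it assumes the effective server.conf and inputs.conf stanza text has already been collected from each instance.

```python
import configparser
from collections import defaultdict

PLATFORM_MIN = (6, 1, 0)  # platform instrumentation floor from the prerequisites
PANEL_MIN = {"KV store dashboards": (6, 2, 0),  # from the dashboard version table
             "Search head clustering dashboards": (6, 2, 0)}

def conf_value(text, stanza, key):
    """Read one key from stanza-form .conf text; return None if it is absent."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: serverName, not servername
    cp.read_string(text)
    return cp.get(stanza, key, fallback=None)

def version_tuple(v):
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # "6.2" compares as (6, 2, 0)

def check_prereqs(instances):
    findings = []
    seen = {"serverName": defaultdict(list), "host": defaultdict(list)}
    for inst in instances:
        name = inst["name"]
        for key, conf, stanza in (("serverName", "server_conf", "general"),
                                  ("host", "inputs_conf", "default")):
            value = conf_value(inst[conf], stanza, key)
            if value is None:
                findings.append((name, f"{key} not set"))
            else:
                seen[key][value].append(name)
        ver = version_tuple(inst["version"])
        if ver < PLATFORM_MIN:
            findings.append((name, "below 6.1: no platform instrumentation"))
        for panel, floor in PANEL_MIN.items():
            if ver < floor:
                findings.append((name, f"{panel} will be blank"))
    for key, values in seen.items():
        for value, names in values.items():
            if len(names) > 1:
                findings.append((", ".join(names), f"duplicate {key} {value!r}"))
    return findings

# Constructed sample inventory (hypothetical instances, not from the page)
SAMPLE = [
    {"name": "sh1", "version": "6.3.2", "server_conf": "[general]\nserverName = sh1\n",
     "inputs_conf": "[default]\nhost = sh1\n"},
    {"name": "lm1", "version": "6.1.4", "server_conf": "[general]\nserverName = sh1\n",
     "inputs_conf": "[default]\nhost = lm1\n"},
]
print(*check_prereqs(SAMPLE), sep="\n")
```

In the sample, the license master reuses the search head's serverName and runs a release older than 6.2.0, so the check reports one duplicate and two dashboards that would appear blank for it.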

Next step

To continue setting up your DMC in a distributed deployment, see Set cluster labels.

To continue setting up your DMC on a single instance, skip to Configure DMC in standalone mode.

Last modified on 25 August, 2016

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14
