Splunk® Enterprise

Monitoring Splunk Enterprise

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

DMC setup prerequisites

This topic is a step in the process of setting up the Distributed Management Console (DMC) for either a Splunk Enterprise deployment or a single Splunk Enterprise instance. See About the Distributed Management Console in this manual.

By now you have decided which instance should host the DMC in your deployment. Before proceeding to Set cluster labels (for a deployment) or Configure DMC in standalone mode (for a single Splunk Enterprise instance), make sure you meet these prerequisites:

  • Have a functional Splunk Enterprise deployment. See Scale your deployment with Splunk Enterprise components in the Distributed Deployment Manual.
  • Make sure that your deployment is healthy, that is, that all peers are up.
  • Make sure that each instance in the deployment (each search head, license master, and so on) has a unique server.conf serverName value and inputs.conf host value.
  • Platform instrumentation must be enabled for every Splunk Enterprise instance (except forwarders) that you intend to monitor. Every instance must meet the platform instrumentation system requirements:
    • Each node must be running Splunk Enterprise 6.1 or higher.
    • Platform instrumentation is supported for Windows, Linux, and Solaris.
  • Forward internal logs (both $SPLUNK_HOME/var/log/splunk and $SPLUNK_HOME/var/log/introspection) to indexers from all other instance types. See Best practice: Forward search head data in the Distributed Search Manual. Without this step, many dashboards will lack data. These other instance types include:
    • Search heads.
    • License masters.
    • Cluster masters.
    • Deployment servers.
  • The user setting up the distributed management console needs the admin_all_objects capability.

Dashboard version dependencies

The dashboards in the Distributed Management Console rely on data collected from Splunk Enterprise internal log files and endpoints. Much of the data comes from platform instrumentation, which was introduced in Splunk Enterprise version 6.1. In addition, platform instrumentation has been enhanced in subsequent releases, for example by adding logging about iostats in Splunk Enterprise 6.4.0. The following table summarizes which quantities were introduced in which version.

The instances that you monitor in the console must meet these version requirements, or the related dashboard panels will appear blank.

Dashboard Panel System requirement
All dashboards Most panels Splunk Enterprise 6.1
KV store dashboards All panels Splunk Enterprise 6.2.0 (which introduced the feature)
Search head clustering dashboards All panels Splunk Enterprise 6.2.0
Distributed search dashboards Panels about bundle replication Splunk Enterprise 6.3.0
HTTP Event Collector dashboards All panels Splunk Enterprise 6.3.0 (which introduced the feature)
Scheduler dashboards Most panels Splunk Enterprise 6.3.0
Resource usage: Machine, Resource usage: Deployment I/O panels Splunk Enterprise 6.4.0


Next step

To continue setting up your DMC in a distributed deployment, see Set cluster labels.

To continue setting up your DMC on a single instance, skip to Configure DMC in standalone mode.

PREVIOUS
Which instance should host the console?
  NEXT
Set cluster labels

This documentation applies to the following versions of Splunk® Enterprise: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters