Splunk® Enterprise

Monitoring Splunk Enterprise

Download manual as PDF

Download topic as PDF

Monitoring Console setup prerequisites

This topic is a step in the process of setting up the monitoring console for either a distributed Splunk Enterprise deployment or a standalone Splunk Enterprise instance.

To proceed with your monitoring console deployment, verify that you meet the following setup prerequisites:

  • Have a functional Splunk Enterprise deployment.
  • Ensure that each instance in the deployment has a unique server.conf serverName value and inputs.conf host value.
  • Enable platform instrumentation for every Splunk Enterprise instance that you intend to monitor, except forwarders. See About Splunk Enterprise platform instrumentation.
  • Forward internal logs (both $SPLUNK_HOME/var/log/splunk and $SPLUNK_HOME/var/log/introspection) to indexers from all other components. Without this step, many dashboards will lack data. See Best practice: Forward search head data in the Distributed Search Manual.
  • The user setting up the monitoring console needs the admin_all_objects capability.

Dashboard version dependencies

The dashboards in the monitoring console rely on data collected from Splunk Enterprise internal log files and endpoints. Much of the data comes from platform instrumentation, which was introduced in Splunk Enterprise version 6.1 and enhanced in subsequent releases. The following table summarizes the minimum Splunk Enterprise version requirements for particular platform instrumentation capabilities. If the instances that you monitor in the console do not meet these minimum version requirements, the related dashboard panels are empty.

Feature Panel Minimum version requirement
All dashboards Most panels Splunk Enterprise 6.1
KV store dashboards All panels Splunk Enterprise 6.2.0 (which introduced the KV store)
Search head clustering dashboards All panels Splunk Enterprise 6.2.0
Distributed search dashboards Panels about bundle replication Splunk Enterprise 6.3.0
HTTP Event Collector (HEC) dashboards All panels Splunk Enterprise 6.3.0 (which introduced HEC)
Scheduler dashboards Most panels Splunk Enterprise 6.3.0
Resource usage: Machine, Resource usage: Deployment I/O panels Splunk Enterprise 6.4.0
Health check N/A Splunk Enterprise 6.5.0 on instance hosting monitoring console


Next step

To continue setting up your monitoring console in a distributed deployment, see Set cluster labels.

To continue setting up your monitoring console on a standalone instance, skip to Configure Monitoring Console in standalone mode.

PREVIOUS
Which instance should host the console?
  NEXT
Set cluster labels

This documentation applies to the following versions of Splunk® Enterprise: 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.3.0, 7.3.1


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters