Splunk® Enterprise

Troubleshooting Manual

Splunk Enterprise version 7.1 is no longer supported as of October 31, 2020. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Splunk on Splunk app

Splunk on Splunk (SoS) is a legacy app that uses Splunk Enterprise diagnostic tools to analyze and troubleshoot your configuration. SoS reached its end of life with version 6.3.0 of Splunk Enterprise. The app is no longer available for download and is not supported in any way.

How Splunk on Splunk differs from the Monitoring Console

The SoS app reached its end of life with version 6.3.0 of Splunk Enterprise. Its functionality is replaced and extended by the Monitoring Console, which is included with Splunk Enterprise versions 6.2.0 and later.

We recommend that you migrate from SoS to the Monitoring Console for Splunk Enterprise monitoring and introspection.

SoS Monitoring Console
Supported No Yes
Acquired Via Splunkbase Ships with Splunk Enterprise
Install Location Search Head Non-production search head
Supports Single Instance Yes Yes
Data Sources Splunk Logs, Scripted Inputs (counts against license) Splunk Logs, Introspection (does not count against license), REST
User Defined Grouping No Yes
Topology View Yes Yes
Topology - Server Roles Search Heads, Indexers, Forwarders Search Heads, Indexers, Custom Groups
Topology - Node Detail Yes Yes
Topology - Overlay Status, CPU, Memory Status, CPU, Memory, Search Count, Indexing Rate
Topology - Node Relationship No Yes
Configuration File Viewer Yes No
Security Health Check Yes No
Warnings & Errors/Crashlog View Yes No
Resource Usage Views Yes Yes
Resource Usage - CPU/Memory by Splunk Instance Yes Yes
Resource Usage - CPU/Memory Deployment Views No Yes
Resource Usage - File Descriptor Usage Yes No
KV Store No Yes
Forwarder Monitoring No Yes (6.3.0+)
HTTP Event Collector No Yes (6.4.0+)
Last modified on 17 July, 2019
Use btool to troubleshoot configurations   What Splunk software logs about itself

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters