Splunk® Enterprise

Monitoring Splunk Enterprise

Splunk Enterprise version 7.3 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Monitoring Console setup prerequisites

This topic is a step in the process of setting up the monitoring console for either a distributed Splunk Enterprise deployment or a standalone Splunk Enterprise instance.

To proceed with your monitoring console deployment, verify that you meet the following setup prerequisites:

  • Have a functional Splunk Enterprise deployment.
  • Ensure that each instance in the deployment has a unique server.conf serverName value and inputs.conf host value.
  • Enable platform instrumentation for every Splunk Enterprise instance that you intend to monitor, except forwarders. See About Splunk Enterprise platform instrumentation.
  • Forward internal logs (both $SPLUNK_HOME/var/log/splunk and $SPLUNK_HOME/var/log/introspection) to indexers from all other components. Without this step, many dashboards will lack data. See Best practice: Forward search head data in the Distributed Search Manual.
  • The user setting up the monitoring console needs the admin_all_objects capability.

Dashboard version dependencies

The dashboards in the monitoring console rely on data collected from Splunk Enterprise internal log files and endpoints. Much of the data comes from platform instrumentation, which was introduced in Splunk Enterprise version 6.1 and enhanced in subsequent releases. The following table summarizes the minimum Splunk Enterprise version requirements for particular platform instrumentation capabilities. If the instances that you monitor in the console do not meet these minimum version requirements, the related dashboard panels are empty.

Feature Panel Minimum version requirement
All dashboards Most panels Splunk Enterprise 6.1
KV store dashboards All panels Splunk Enterprise 6.2.0 (which introduced the KV store)
Search head clustering dashboards All panels Splunk Enterprise 6.2.0
Distributed search dashboards Panels about bundle replication Splunk Enterprise 6.3.0
HTTP Event Collector (HEC) dashboards All panels Splunk Enterprise 6.3.0 (which introduced HEC)
Scheduler dashboards Most panels Splunk Enterprise 6.3.0
Resource usage: Machine, Resource usage: Deployment I/O panels Splunk Enterprise 6.4.0
Health check N/A Splunk Enterprise 6.5.0 on instance hosting monitoring console


Next step

To continue setting up your monitoring console in a distributed deployment, see Set cluster labels.

To continue setting up your monitoring console on a standalone instance, skip to Configure Monitoring Console in standalone mode.

Last modified on 06 September, 2019
Which instance should host the console?   Set cluster labels

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters