How the Monitoring Console works
This topic lists the files that the Monitoring Console modifies in a Splunk Enterprise filesystem.
These files reside in $SPLUNK_HOME/etc/apps/splunk_monitoring_console/
unless indicated otherwise. This directory contains configuration files in both a default directory and, after Monitoring Console setup, a local directory. See About configuration file directories in the Admin Manual.
File(s) | Information contained in file(s) | When populated |
---|---|---|
app.conf | Basic information about the Monitoring Console: determines whether it is in distributed mode, and provides a short description for Splunk Web to use in Launcher. See app.conf.spec. | By default. Updated when you click Apply changes. |
distsearch.conf in etc/system/local | Contains stanzas that reference distributed search groups created by the Monitoring Console. The names of these groups are usually prefaced with dmc_group_*. For example: [distributedSearch:dmc_group_cluster_manager] | When you switch to distributed mode in Monitoring Console setup and click Apply changes |
dmc_alerts.conf | In some cases, you can edit thresholds in a platform alert without having to directly modify the search string for that alert. For such an alert, the Monitoring Console has a template of the search string, description string, and editable parameters. The template data, which is used in the Monitoring Console Alerts Setup page, is stored here, in stanzas named for the name of the saved search in default/savedsearches.conf. | By default |
lookups directory | Contains two important files:
|
By default (on initial startup). Updated when you click Apply changes or Rebuild forwarder assets, respectively. |
macros.conf | Contains two types of macros:
See macros.conf.spec. |
Search macros are stored here by default.
Customizations are set when you edit one and click Save. |
props.conf | Search-time field extraction and lookup applications and evals. See props.conf.spec. | By default |
savedsearches.conf | Schedules and search strings for platform alerts. The saved search named DMC Forwarder - Build Asset Table runs when you enable forwarder monitoring. | By default |
splunk_monitoring_console_assets
.conf |
This file contains:
|
When you click "Apply Changes" on Setup > General setup |
transforms.conf | Lookup definitions for assets.csv and forwarder csv file | By default |
For more details about dmc_alerts.conf and splunk_monitoring_console_assets.conf, look in $SPLUNK_HOME/etc/apps/splunk_monitoring_console/README
.
What can the Monitoring Console do? | Troubleshoot with integrated splunkd health report |
This documentation applies to the following versions of Splunk® Enterprise: 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2
Feedback submitted, thanks!