Splunk® Enterprise

Inherit a Splunk Enterprise Deployment

Splunk Enterprise version 8.2 is no longer supported as of September 30, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Use the monitoring console to determine your topology

If your outgoing admin left you information about a monitoring console (formerly called a distributed management console, DMC), you can use this to discover your deployment's topology.

Prerequisites

Read Deployment topologies. This topic describes the elements of Splunk Enterprise deployments and offers essential guidance on how to discover your deployment topology.

Access the monitoring console

Refer to any information provided by your previous administrator or by your organization.

The monitoring console can be hosted on its own instance, or it can be colocated with an indexer cluster manager node. Less commonly, it can be colocated with another management component. See Which instance should host the console? in Monitoring Splunk Enterprise.

Log into Splunk Web on a node that is likely to be the monitoring console. If you do not know what node is your monitoring console, try an indexer cluster manager node. If that does not give you results, try any search head.

When you have found the node that runs the monitoring console, navigate to the monitoring console:

  1. Click Settings from anywhere in Splunk Web
  2. Click the Monitoring Console icon on the left of the panel to open the monitoring console.

Monitoring console overview

The home page of the monitoring console is the Overview page.

The monitoring console has two modes, standalone and distributed. On the basis of the following screen shots, determine whether the monitoring console on your instance is configured in standalone or distributed mode.

The overview in standalone mode: The image shows the Monitoring Console Overview dashboard in standalone mode. The dashboard displays information pertaining to a single-instance Splunk Enterprise deployment, including indexing rate, license usage, disk usage, and system CPU and memory usage.


The overview in distributed mode: The image shows the Monitoring Console Overview dashboard in distributed mode. The dashboard displays information pertaining to a distributed Splunk Enterprise deployment, including number of indexers, number of search heads, cluster master status, and license master details.


If you do not have the monitoring console configured in distributed mode on any instance in your deployment, do not set it up at this point. Instead, continue to Examine configuration files to determine your topology.

Discover components and topology from the monitoring console

From the Overview page, click the Topology toggle to learn about your deployment's topology.

  1. See the instances in your deployment.
  2. Click each instance to view details including its Splunk Enterprise version.
  3. Record this information on your deployment diagram.


See all of the components colocated on an instance:

  1. Click Instances.
  2. Use the Group dropdown to view each component in your deployment, leaving KV store for the last.
  3. For each instance, note the information displayed in the table. The information under "Role" is the component.
  4. Record this information on your deployment diagram.


An admin can optionally set up forwarder monitoring in the monitoring console, as of Splunk Enterprise 6.3.0. To view forwarder information:

  1. Click Forwarders > Forwarder deployment.
  2. Use the Split by dropdown to understand your set of forwarders.
  3. Scroll down to the Status and Configuration panel.
  4. Record information about forwarder type, Splunk version, OS, and system architecture on your diagram.


Do not yet enable forwarder monitoring.

You can optionally rebuild the forwarder asset table. If a forwarder is decommissioned, it remains on the forwarder dashboards until you rebuild the forwarder asset table. This step is probably not immediately necessary, but if you find that your forwarder dashboards contain null results from several forwarders, you might want to rebuild the asset table. If you have many forwarders, it can take a while to run.

  1. In the monitoring console, click Settings > Forwarder Monitoring Setup.
  2. Click Rebuild forwarder assets.
  3. Select a time range or leave the default of 24 hours.
  4. Click Start Rebuild.


You will survey groups of forwarders called server classes later, in Review your apps and add-ons.

Validate your monitoring console setup

If you have used the monitoring console to populate your diagram, it is almost complete.

To ensure accuracy, validate that the monitoring console was correctly configured by your previous administrator. Use the configuration file methods that follow. To validate the monitoring console setup:

  1. Test one or two of the instances with multiple server roles, also known as components.
  2. Verify that the server roles displayed for that instance on the monitoring console Instances page matches the information you gather using the configuration file method.
  3. If it does not, investigate configuration files of other instances and populate your deployment diagram with that information.
  4. After you complete the rest of the orientation tasks in this manual and reach Monitor system health, correct the monitoring console setup.
Last modified on 19 October, 2020
Deployment topologies   Examine configuration files to determine your topology

This documentation applies to the following versions of Splunk® Enterprise: 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters