Utilization Monitor for Splunk (SUM)
Overview
Details
Utilization Monitor for Splunk
Allows you to quickly and easily analyze utilization in your Splunk environment. Use it proactively for capacity planning, or reactively to diagnose the cause of a license warning before it becomes a violation.
Version History
- See the Home page of the app for full vesion history - separate build notes will be included in a future release
- Version 1.7.0 Added the "Indexer Cluster Calculator for Storage and Serers" as well as the "Splunk Forwarder Versions" report
- Version 1.6.2 Added new drop-downs on the "License Usage Dashboard" dashboard on the "Total Usage Overview" panel and fixed a mising pool= filter in two other panels
- Version 1.6.1 Changed the name to comply with Splunk App Naming Conventions
- Version 1.6.0 fixed the "Search Head Utilization by App/View" dashboard, added a drop-down for "Splunk Server" to all Search Head Dashboards, added icons for SUM, and changed the navigation bar color
- Version 1.5.1 added Client IP Address to "Search Head User Logins/Logouts" and fixed Splunk 6.2 compatibility with the "Search Head User Logins/Logouts" dashboard
- Version 1.5.0 added the "Search Head Utilization by App/View" dashboard, the "Search Head Scheduled PDF Delivery Errors" dashboard, added new panels to the "Search Head Scheduler Utilization" dashboard, and updated names in the navigation menu
- Version 1.4.0 added "Search Head Scheduler Utilization" dashboard and renamed navigation drop-down menus
- Version 1.3.1 removes rollover data from the License Usage dashboard (thanks jkleensang!)
- Version 1.3 introduced a "User Login/Logout Dashboard" and "Search Head Utilization by User" dashboard
- Version 1.2 changed "Total License Usage" and "Total License Usage over Time (MB)" to use license_usage.log instead of metrics.log.
- Version 1.1 added several new charts to the License Usage dashboard.
- Version 1.0 introduced an in-depth license utilization dashboard (by index, host, sourcetype, source, splunk server, etc.) and an empirical analysis of the storage requirements for your current Splunk indexes.
Additional features, dashboards, and reports will be added in future versions. Please contact mason.s.morales@gmail.com with any feature requests or bug reports.
Installation notes
In a master-slave setup, SUM should be installed on the license master, or on a system that is configured to perform distributed search across any peers that would have index=_internal files.
Permissions
Users of this app need to be able to search index=_internal. This can be done using the admin user account, or may be added to a role by an admin by going to Settings -> Access controls -> Roles -> (Your Role) and adding the "_internal" to the "selected search indexes" under the "Indexes" section. Users of this app also need to have REST capability. The "admin" role with default settings is fully supported by this app.
Release Notes
Version 2.1.0
Several new dashboards and features. Install and take a look at the Home page!
Version 2.0.0
Version 2 of SUM! Completely updated for v6.3.1 of Splunk with new dashboards and a ton of improvements. The following are a few changes that have been made to the app:
Removed support for Splunk 5.x
Improved accuracy of the Indexer Cluster Storage Calculator, added Total Number of Disks Required, and changed some labels
Added support for computing storage requirements of the Enterprise Security (ES) data models to the the Indexer Cluster Storage Calculator
Added a new panel to the Empirical Storage Calculator that assesses your current retention periods, data sizes, etc. by index and splunk server
Fixed multiple panels in Search Head User Logins/Logouts Dashboard
Added Drill-down and Search Head Utilization by User Dashboard
Reduced load time to populate form inputs
Added Splunk user account information to drill-down of Search Head Utilization by User Dashboard
Added result counts to Search Head
Version 1.7.0
Added "Forwarder Reports" to navigation
Added "Splunk Forwarder Versions" under Forwarder Reports
Renamed "Storage Requirement Calculator" to "Empirical Storage Calculator"
Added "Indexer Cluster Storage Calculator" under Capacity Planning
Version 1.6.2
Added new drop-downs on the "License Usage Dashboard" dashboard on the "Total Usage Overview" panel
Version 1.6.1
Updated to comply with new app naming requirements
Version 1.6.0
Added "Splunk Server" drop-down filter to all Search Head dashboards
Added Icons
Changed Navigation Bar Color
Fixed "Search Head Utilization by App/View" Dashboard
Version 1.5.1
The "Search Head User Logins/Logouts" now works as intended with Splunk 6.2.x
Added "Client IP Address" to the "Search Head User Logins/Logouts" dashboard
Version 1.5.0
Updated navigation menus
Added new view for search head utilization by app/views
Added new view for scheduled PDF delivery errors
Added new panel to search head scheduler utilization view
Renamed user login/logout dashboard
Version 1.4.0
Renamed "Splunk User Activity" to "Seach Head Utlization"
Renamed "Splunk Capacity Planning" to "Capacity Planning"
Added "Search Head Scheduler Utilization" dashboard
Added "Total Run Time and Count of Scheduled Searches by App, User, Scheduled Search Name" panel
Added "Count of Scheduler Errors and Warnings" panel
Version 1.3.1
License Usage Dashboard now excludes rollover information
Version 1.3.0
Version 1.2.0
"Total License Usage" and "Total License Usage over Time (MB)" now use license_usage.log instead of metrics.log.
Version 1.1.0
Fixed percentage calculation for license usage and added several charts to the license utilization dashboard.
Version 1.0.0
SUM v1.0.0 currently supports only license utilization analysis and empirical storage requirement analysis. Future releases will contain additional features, dashboards, and reports.