Allows you to quickly and easily analyze utilization in your Splunk environment. Use it proactively for capacity planning, or reactively to diagnose the cause of a license warning before it becomes a violation.
Additional features, dashboards, and reports will be added in future versions. Please contact mason.s.morales@gmail.com with any feature requests or bug reports.
In a master-slave setup, SUM should be installed on the license master, or on a system that is configured to perform distributed search across any peers that would have index=_internal files.
Users of this app need to be able to search index=_internal. This can be done using the admin user account, or may be added to a role by an admin by going to Settings -> Access controls -> Roles -> (Your Role) and adding the "_internal" to the "selected search indexes" under the "Indexes" section. Users of this app also need to have REST capability. The "admin" role with default settings is fully supported by this app.
Several new dashboards and features. Install and take a look at the Home page!
Version 2 of SUM! Completely updated for v6.3.1 of Splunk with new dashboards and a ton of improvements. The following are a few changes that have been made to the app:
Removed support for Splunk 5.x
Improved accuracy of the Indexer Cluster Storage Calculator, added Total Number of Disks Required, and changed some labels
Added support for computing storage requirements of the Enterprise Security (ES) data models to the the Indexer Cluster Storage Calculator
Added a new panel to the Empirical Storage Calculator that assesses your current retention periods, data sizes, etc. by index and splunk server
Fixed multiple panels in Search Head User Logins/Logouts Dashboard
Added Drill-down and Search Head Utilization by User Dashboard
Reduced load time to populate form inputs
Added Splunk user account information to drill-down of Search Head Utilization by User Dashboard
Added result counts to Search Head
Added "Forwarder Reports" to navigation
Added "Splunk Forwarder Versions" under Forwarder Reports
Renamed "Storage Requirement Calculator" to "Empirical Storage Calculator"
Added "Indexer Cluster Storage Calculator" under Capacity Planning
Added new drop-downs on the "License Usage Dashboard" dashboard on the "Total Usage Overview" panel
Updated to comply with new app naming requirements
Added "Splunk Server" drop-down filter to all Search Head dashboards
Added Icons
Changed Navigation Bar Color
Fixed "Search Head Utilization by App/View" Dashboard
The "Search Head User Logins/Logouts" now works as intended with Splunk 6.2.x
Added "Client IP Address" to the "Search Head User Logins/Logouts" dashboard
Updated navigation menus
Added new view for search head utilization by app/views
Added new view for scheduled PDF delivery errors
Added new panel to search head scheduler utilization view
Renamed user login/logout dashboard
Renamed "Splunk User Activity" to "Seach Head Utlization"
Renamed "Splunk Capacity Planning" to "Capacity Planning"
Added "Search Head Scheduler Utilization" dashboard
Added "Total Run Time and Count of Scheduled Searches by App, User, Scheduled Search Name" panel
Added "Count of Scheduler Errors and Warnings" panel
License Usage Dashboard now excludes rollover information
"Total License Usage" and "Total License Usage over Time (MB)" now use license_usage.log instead of metrics.log.
Fixed percentage calculation for license usage and added several charts to the license utilization dashboard.
SUM v1.0.0 currently supports only license utilization analysis and empirical storage requirement analysis. Future releases will contain additional features, dashboards, and reports.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.