icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Perficient Splunk Plus for TM1
SHA256 checksum (perficient-splunk-plus-for-tm1_10.tgz) cd0bbdfe9df2a7ece90639c1ce859f8436c49ff9beb0d38cd029300ab70ee247
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Perficient Splunk Plus for TM1

This app has been archived. Learn more about app archiving.
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
Perficient’s Splunk Plus for TM1 ingests and visualizes machine data for TM1 instances. The application is highly instrumented and allows administrators to interact with TM1 application and error logs. Users can pivot on time ranges, environment, and process results to tailor a view from TM1 metrics into reports, alerts, and dashboards that matter.

Dashboards provide both the executive and operations stakeholders meaningful and actionable historical and real-time insights into the operational health of TM1. The application facilitates troubleshooting and faster root cause analysis for conditions that could lead to outages before they happen.

The following dashboards are included:

• TM1 Overview
• TM1 Errors
• TI Error Interrogator

Perficient Splunk Plus TM1 Technology Add-on (TA) for Splunk Enterprise (version 1.0)
Splunk 6.3.x or above
* TM1 10.1 or higher

The Perficient Splunk Plus TM1 App for Splunk Enterprise uses the data provided by the Perficient Splunk Plus TM1 Technology Add-on (TA) for Splunk. The TA must be downloaded, installed and properly configured prior to using this App.


  1. Install the Perficient Splunk Plus TM1 Technology Add-on (TA) for Splunk Enterprise version 1.0 (available from Splunkbase) and follow the installation instructions.

  2. Install the Perficient Splunk Plus TM1 App for Splunk Enterprise
    a. In Splunk Enterprise, Navigate to "Manage Apps" then "Install app from file"
    b. Select the ".spl" file containing the Perficient Splunk Plus TM1 App for Splunk Enterprise and click upload
    c. Restart Splunk Enterprise as prompted
    d. In the setup screen, enter the name of the index your TM1 events are stored in - this should match the index name defined in the TA
    e. Restart Splunk Enterprise
    f. Allow time for the tm1s.cfg files to be ingested, then navigate to search>reports and execute the "Run Once-Setup Search". This search will populate the lookup table used to drive the user inputs, for selecting the desired TM1 instances. For more details, please see section

  3. Lookup Table Maintenance and TM1 Instance Mapping
    -There are two lookup tables in use by this app, instance_lookup.csv and process_lookup.csv

The process_lookup.csv

a.  The process_type lookup table is used for enriching searches within the dashboards, such as successful/failed loads, successful/failed exports, and so on.  Since the naming of these TI’s can be arbitrary, Splunk is not able to identify whether a process is a load, export, transfer, etc and relies upon a lookup table to perform this function.  By default, this lookup table is configured to work with the sample data as an example.
b. The following column names are used:
    1.  Process_type
    2.  Examples of  possible entires include Load, Transfer, Export, Maintenance, Close Cycle, etc.
c.  Business_process_name
    1.  This is the friendly name of the TI process
d.  Process_Name
    1.  This field is used for matching purposes with the raw Splunk searches.  The interesting TI name should be defined in this field, and it should match the field name retrieved from the raw data.

The instance_lookup.csv

a.  The instance_lookup table is used for enriching the log data with the TM1 instance name, from which the logs were obtained.  It also drives the tm1_instance selection options in the dashboard UI.  Proper configuration of this table is important as it is leveraged by all of the dashboard panels.  It functions as an automatic lookup, and is intended to map the ServerName field from the tm1s.cfg file with the LogDirectory (should a value be present), and if a value is not present, mapping the file path from the DataDirectory to the path the tm1serverlog and tm1processerror log files are obtained from. 
b.  After installing both the TA and the Perficient Splunk Plus for TM1 app, the setup search under the saved searches view should be run.  When configured properly, it will extract all of the ServerName values from the tm1s.cfg files and the associated LogDirectory or DataDirectory values, and construct the lookup table.  In the event that this is not possible, you may manually edit the lookup table.
c.  The lookup table consists of three columns
    1. cfg_source - this is the source path to the tm1s.cfg file and is present to prevent a conflict of shared directories
    2. tm1_instance - this is the ServerName value of the tm1_instance from which the logs are collected
    3. log_dir - this is the directory which the tm1_instance's tm1server.log and tm1processerror.log files are stored
d.  To manually edit the lookup table, enter a unique value for each cfg_source column, while providing a tm1_instance name, and log_dir paths.

The log_dir path here MUST MATCH the source directory path which the tm1 serverlog and process error files are being ingested from!

Readme for the Perficient Splunk Plus for TM1 App
Authors: Perficient Splunk Practice / Tony Marrazzo and Edward Denzler
Version: 1.0

Release Notes

Version 1.0
April 23, 2016



Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.