
Downloading InsightFinder App
MD5 checksums:
- insightfinder-app_12.tgz: ae18ec6c1e767e64e1c599d74fd7ab8a
- insightfinder-app_11.tgz: 10e6b7f58519081c58931ae4cf583b55
- insightfinder-app_10.tgz: b8de5a738ba6dd574cbefc49f11698d0


InsightFinder App

Leverage InsightFinder's predictive analytics services to extract insights from your Splunk data (and other sources) and improve the uptime/availability of your critical services and reduce your MTTR when incidents occur!

InsightFinder provides the industry's best multivariate anomaly detection, automatic root cause analysis, and long-, medium-, and short-term capacity forecasts based on our patent-pending unsupervised statistical machine learning and signal processing technologies. Our product has been tested in some of the largest and most challenging IT environments, including the world's largest technology companies (among them Google -- our first customer!), Fortune 50 financial institutions, major telecommunications carriers, and some of the largest healthcare institutions in the world.

InsightFinder is free for small accounts and priced affordably for others so everyone can enjoy the benefits of the best machine learning and neural network algorithms in the industry!

Welcome to InsightFinder!

Getting Started with InsightFinder's App for Splunk

Sign up for an account with InsightFinder
- Go to InsightFinder Signup

Register a project in InsightFinder
- Sign in to InsightFinder with your user credentials
- Go to Settings and add a new project (Top icon on the left side of your screen) under the "Insight Agent" tab
- Give your project a name, and select "Private Cloud" for project type
- Go to Account Info (Note: click on your user ID in the top right corner of the screen) and note your license key number.

Installation
- Download the installation file by clicking "Download" on the InsightFinder Splunkbase Page.
- Unpack the contents into $SPLUNK_HOME/etc/apps/
- After unpacking, you should see the directory $SPLUNK_HOME/etc/apps/insightfinderapp
We’ll refer to this directory as $INSIGHTFINDER_HOME in future instructions.
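
Before unpacking a third-party archive into $SPLUNK_HOME/etc/apps/, it is worth checking it against the MD5 published on this page and confirming that every entry stays under insightfinderapp/. The Python below is an added example, not part of the InsightFinder app; sample_archive and the member names passed to it are constructed for illustration.

```python
import hashlib
import io
import posixpath
import tarfile

# MD5 values exactly as published on this page. MD5 catches a corrupted or
# truncated download; it is not collision-resistant, so it does not prove origin.
PUBLISHED_MD5 = {
    "insightfinder-app_12.tgz": "ae18ec6c1e767e64e1c599d74fd7ab8a",
    "insightfinder-app_11.tgz": "10e6b7f58519081c58931ae4cf583b55",
    "insightfinder-app_10.tgz": "b8de5a738ba6dd574cbefc49f11698d0",
}
APP_DIR = "insightfinderapp"  # directory the page says the archive unpacks to


def md5_matches(name, data):
    """True if the archive bytes hash to the value published for `name`."""
    expected = PUBLISHED_MD5.get(name)
    return expected is not None and hashlib.md5(data).hexdigest() == expected


def unsafe_members(data):
    """Names of entries that would not land as plain files/dirs under APP_DIR."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar.getmembers():
            path = posixpath.normpath(m.name)
            inside = path == APP_DIR or path.startswith(APP_DIR + "/")
            if m.name.startswith("/") or not inside:
                bad.append(m.name)   # absolute path or ../ escape
            elif not (m.isfile() or m.isdir()):
                bad.append(m.name)   # symlink, hard link, device, FIFO
    return bad


def sample_archive(names):
    """Constructed test input: a .tgz holding tiny files with these names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for n in names:
            info = tarfile.TarInfo(n)
            info.size = 2
            tar.addfile(info, io.BytesIO(b"{}"))
    return buf.getvalue()


if __name__ == "__main__":
    ok = sample_archive(["insightfinderapp/example_configs/monitored_fields.json.example"])
    print(unsafe_members(ok))
```

Extract only when md5_matches returns True for the downloaded file's bytes and unsafe_members returns an empty list.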

Initial Setup
- The files insightfindersettings.json and fetchifdatasettings.json must be configured properly to your InsightFinder account before queries can be added.
- Create the folders: $INSIGHTFINDER_HOME/local and $INSIGHTFINDER_HOME/lookups/[ProjectNameInInsightFinder]
- Copy over the files using the commands below (run from $INSIGHTFINDER_HOME, replacing INSIGHTFINDER_PROJECTNAME with your project name in InsightFinder):
  - cp example_configs/insightfindersettings.json.example lookups/INSIGHTFINDER_PROJECTNAME/insightfindersettings.json
  - cp example_configs/fetchifdatasettings.json.example lookups/INSIGHTFINDER_PROJECTNAME/fetchifdatasettings.json
- Open insightfindersettings.json and set USERNAME, LICENSEKEY, and app_name (the project name in InsightFinder) to the values used in your InsightFinder account.
- Open fetchifdatasettings.json and change projectName and host to your desired project name.
- Reference the comment block instructions as needed. Make sure to delete the comment block when finished.
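
A check for the finished Initial Setup, as an added example that is not part of the InsightFinder app: it confirms that both files load as strict JSON (which a leftover comment block can break), that the keys named above are filled in, and that the file holding LICENSEKEY is accessible only to its owner. The position of the keys inside each file and the owner-only permission check are assumptions, not taken from the app's documentation.

```python
import json
import os
import sys

# Key names are the ones this page says to set. Where they sit inside each
# file is not shown on the page, so the lookup is recursive (an assumption).
REQUIRED = {
    "insightfindersettings.json": ("USERNAME", "LICENSEKEY", "app_name"),
    "fetchifdatasettings.json": ("projectName", "host"),
}


def find_key(node, key):
    """Depth-first search for `key` in nested dicts/lists; None if absent."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_key(child, key)
            if found is not None:
                return found
    return None


def check_project_dir(project_dir):
    """Problems found in one $INSIGHTFINDER_HOME/lookups/<project> folder."""
    problems = []
    for fname, keys in REQUIRED.items():
        path = os.path.join(project_dir, fname)
        try:
            with open(path, encoding="utf-8") as fh:
                cfg = json.load(fh)
        except (OSError, json.JSONDecodeError) as exc:
            # Missing file, or not strict JSON (e.g. comment block still present).
            problems.append(f"{fname}: cannot load as JSON ({type(exc).__name__})")
            continue
        for key in keys:
            value = find_key(cfg, key)
            if not isinstance(value, str) or not value.strip():
                problems.append(f"{fname}: {key} is not set")
        if "LICENSEKEY" in keys and os.stat(path).st_mode & 0o077:
            problems.append(f"{fname}: holds the license key, restrict to owner")
    return problems


if __name__ == "__main__":  # usage: python check_setup.py <project folder>
    print("\n".join(check_project_dir(sys.argv[1])) or "ok")
```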

Query Set Up Part 1 (via Command Line Interface)
Each search needs its own folder, and a file to specify which fields to monitor and the data to send to InsightFinder. For instance, let's give our search a name: "ResourceMetrics".
- Create the folder $INSIGHTFINDER_HOME/lookups/[ProjectNameInInsightFinder]/ResourceMetrics
- Copy monitored_fields.json into your new search folder with the command:
  - cp $INSIGHTFINDER_HOME/example_configs/monitored_fields.json.example $INSIGHTFINDER_HOME/lookups/[ProjectNameInInsightFinder]/ResourceMetrics/monitored_fields.json
- Open the file and configure the fields, referencing the comment block instructions as needed. Make sure to delete the comment block when finished.

Query Set Up Part 2 (via Splunk UI)
- Navigate to your InsightFinder page in Splunk.
- Enter your search query in the search bar and press Enter.
- The query that fetches data from the host and index should be piped to the "sendtoif" command, with the InsightFinder project name and the search name as parameters. For example: host="splunkdemo" index="resource_metrics" | sendtoif -p INSIGHTFINDER_PROJECTNAME -s ResourceMetrics
- Click All Time->30 Minute Window to set window size. An alert may fail to send because of network connectivity issues, or possible outages. With this setting, the next successful alert in the 30 minute window will include the results for any failed attempts.
- To add the search results to the data sent to InsightFinder, click Save As->Alert
- Enter your title and description. Make sure to change permissions to Shared in App.
- Choose the frequency of alerts. To select a 1 minute interval, click Run every week->Run on Cron Schedule. Then enter * * * * * for Cron Expression.

View Data
Create a simple visualization of the InsightFinder results using a Splunk line chart.
- Navigate to your InsightFinder page in Splunk.
- To the right of the page, click Edit -> Edit Panels.
- Click Add Panel->New->Line Chart and enter the name of your metric in Content Title.
- For simple verification purposes, view the data from the past 24 hours. Select All Time-> Last 24 hours.
- For Search String, enter the same query as before with the addition of -p "PROJECT NAME"
- To preview results as a list, click Run. To view the line chart, click Add to Dashboard at the top of the page.

Release Notes

Version 1.2
March 17, 2017

Updated scripts sending data to and fetching data from InsightFinder server.

Version 1.1
Nov. 13, 2016

Version 1.0
Aug. 25, 2016
