InsightFinder App for Splunk

Splunk AppInspect Passed
Leverage InsightFinder's predictive analytics services to extract insights from your Splunk data (and other sources), improve the uptime/availability of your critical services, and reduce your MTTR when incidents occur.

InsightFinder provides the industry's best multivariate anomaly detection, automatic root cause analysis, stream-based free-form text log analysis (identifying rare/burst events, classifying similar events in one group) based on our patented unsupervised statistical machine learning and signal processing technologies. Our product has been tested in some of the largest and most challenging IT environments, from the world's largest technology companies (including Google -- our first customer!), Fortune 500 financial institutions, major telecommunications carriers, and some of the largest healthcare institutions in the world.

Using InsightFinder’s Splunk integration, customers will see over 95% reduction of false alerts, 80-90% storage cost savings through lossless log compression, true visibility into the causal relationships of your IT infrastructure to predict service outages, and intuitive capacity planning.

InsightFinder is the industry's best AIOps engine, delivering insights and analytics in real time and at scale.

InsightFinder is free for small accounts and priced affordably for others.

Welcome to InsightFinder!

Getting Started with InsightFinder's App for Splunk

Sign up for an account with InsightFinder

Register a Splunk project in InsightFinder

  • Sign in to InsightFinder with your user credentials.
  • Go to Settings and add a new project (top icon on the left side of your screen).
  • Give your project a name and, optionally, a description.
  • Select "Insight Agent" on the Data source page.
  • On the Configure page, select:
      • "Private Cloud" for Instance Type.
      • "Metric" or "Log" as the Data Type, depending on your input.
      • "Custom" as the Agent Type if a Metric project, "File Replay" or "Live Streaming" as appropriate otherwise.
  • If the Data Type is Metric, enter a Sampling Interval corresponding to the sampling interval of your metric data.
  • Go to Account Info (click on your user ID in the top right corner of the screen) and note your license key number.

Installation

Single Instance
- Download the installation file by clicking "Download" on the InsightFinder Splunkbase page, or obtain a copy from us if you are using an on-prem install that requires a non-HTTPS connection.
- In Splunk’s web interface, go to Manage Apps > Install app from file. Restart Splunk when prompted to.
- After restarting, the setup screen should appear. Enter your Username and License Key as displayed in the Account Info section of the InsightFinder application. This is your only chance to set up the app; otherwise, you will need to do a full uninstall and reinstall.

Cluster
- Download the installation file by clicking "Download" on the InsightFinder Splunkbase page, or obtain a copy from us if you are using an on-prem install that requires a non-HTTPS connection.
- On the Search Head Cluster Deployer’s web interface, go to Manage Apps > Install app from file. Restart Splunk when prompted to.
- After restarting, the setup screen should appear. Enter your Username and License Key as displayed in the Account Info section of the InsightFinder application. This is your only chance to set up the app; otherwise, you will need to do a full uninstall and reinstall.
- Copy the app to the shcluster folder:
   cp -r $SPLUNK_HOME/etc/apps/insightfinderapp $SPLUNK_HOME/etc/shcluster/apps/
- Distribute the app with $SPLUNK_HOME/bin/splunk apply shcluster-bundle ...
Note that the app does not need to be installed on any indexer/search peer.

Upgrade

Do a full uninstall of the application (see below), then install using the latest app file.

Query Requirements

To start sending data to InsightFinder, navigate to the Search page within the app. Make sure that you have projects set up as appropriate for the type of data and streaming method that you plan to use. If not, please review the steps outlined above.

For log streaming analysis, append the following to any query that would return data you’d like to push to InsightFinder:

| sort _time 
| reportmetrics projectName=YOUR_PROJECT_NAME mode=LogStreaming serverUrl=INSIGHTFINDER_APP_SERVER chunkSize=300

By default, the app sends processed event_message data. If needed, switching from processed data to raw data can be done as demonstrated below. If you do not have a specific use case for sending raw data, you should not set this parameter.

For sending raw data, append sendRaw=True to the end of your query:

| sort _time 
| reportmetrics projectName=YOUR_PROJECT_NAME mode=LogStreaming serverUrl=INSIGHTFINDER_APP_SERVER sendRaw=True

The INSIGHTFINDER_APP_SERVER parameter denotes the address of the InsightFinder application server (if not an on-prem installation, use https://app.insightfinder.com). The chunkSize parameter is optional and denotes the size (in KB) of each data block transmitted from your Splunk app to the InsightFinder app server. The default value is 200. Please make sure the chunk size is allowed by your local network configuration and is within the Jetty configuration limit on the InsightFinder app server. https://app.insightfinder.com currently accepts chunk sizes below 500 KB.

To continually send data, please refer to Splunk’s documentation on scheduling searches.

For log replay analysis, the same command is appended, except the mode is set to LogReplay:

| sort _time 
| reportmetrics projectName=YOUR_PROJECT_NAME mode=LogReplay serverUrl=INSIGHTFINDER_APP_SERVER

For metrics analysis, both streaming and replay, make sure the timestamp field is named _time and the host name field is named host. You can use the eval and rename commands to meet the naming requirements, as demonstrated below.

For metrics streaming analysis, you should append the following to your query:

| eval _time = strptime('YOUR_TIMESTAMP_NAME', "STRFTIME_FORMAT")
| rename YOUR_HOST_NAME as host 
| table _time host LIST_OF_METRICS 
| reportmetrics projectName=YOUR_PROJECT_NAME mode=MetricStreaming serverUrl=INSIGHTFINDER_APP_SERVER

Simply denote which metrics you wish to send within the table command in place of LIST_OF_METRICS; for example, if your field names are cpu.usage, cpu.idle, mem_used, network_tx, and network_rx, you could use cpu* mem_used network* as your LIST_OF_METRICS.

For metrics replay analysis, the command is the same, except the mode is set to MetricReplay:

| eval _time = strptime('YOUR_TIMESTAMP_NAME', "STRFTIME_FORMAT")
| rename YOUR_HOST_NAME as host 
| table _time host LIST_OF_METRICS 
| reportmetrics projectName=YOUR_PROJECT_NAME mode=MetricReplay serverUrl=INSIGHTFINDER_APP_SERVER

If you have one or more columns that hold a value (i.e., an aggregated count) and other columns that hold that value field's potential metric names (i.e., error code types), you can specify those fields by appending the following parameters:

metricValCols="valCol1;valCol2"
metricNameCols="nameCol1a,nameCol1b;nameCol2a,nameCol2b"

For each nth entry in metricValCols, the columns that contain that value's name are in the nth entry of metricNameCols. For example, if metricValCols="count" and metricNameCols="error_code,status_code", then the reported metric is named after the value in either error_code or status_code (whichever column is found first), with a value equal to the value in count.
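
The pairing rule above, worked through on sample rows. This is an added illustration, not the InsightFinder app's own code: the helper names and the rows are constructed, and it assumes "found first" means the first listed name column that is present and non-empty in the row.

```python
# Added illustration of the metricValCols / metricNameCols pairing.
# Not the InsightFinder app's code; helper names and sample rows are constructed.

def parse_column_spec(metric_val_cols, metric_name_cols):
    """Pair the nth value column with the nth group of candidate name columns."""
    val_cols = [c.strip() for c in metric_val_cols.split(";") if c.strip()]
    name_groups = [
        [c.strip() for c in group.split(",") if c.strip()]
        for group in metric_name_cols.split(";")
    ]
    if len(val_cols) != len(name_groups) or any(not g for g in name_groups):
        raise ValueError("each value column needs one non-empty group of name columns")
    return list(zip(val_cols, name_groups))


def row_to_metrics(row, pairs):
    """Return {metric_name: value} for one result row.

    Assumption: "found first" means the first listed name column that is
    present and non-empty in the row. A pair with no usable value or name
    column contributes nothing for that row.
    """
    metrics = {}
    for val_col, name_cols in pairs:
        if row.get(val_col) in (None, ""):
            continue
        name = next((row[c] for c in name_cols if row.get(c) not in (None, "")), None)
        if name is None:
            continue
        metrics[str(name)] = float(row[val_col])
    return metrics


# Constructed sample rows, shaped like the output of a "stats count" search.
SAMPLE_ROWS = [
    {"_time": "1572825600", "host": "web01", "error_code": "E42", "status_code": "500", "count": "7"},
    {"_time": "1572825600", "host": "web02", "error_code": "", "status_code": "404", "count": "3"},
    {"_time": "1572825600", "host": "web03", "count": "9"},
]

if __name__ == "__main__":
    pairs = parse_column_spec("count", "error_code,status_code")
    for row in SAMPLE_ROWS:
        print(row["host"], row_to_metrics(row, pairs))
```

The third row shows the case to watch for in a real search: a value with no populated name column yields no metric, so a missing field silently drops data rather than raising an error.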

For support, please email support@insightfinder.com

Uninstall

Single Instance
Delete the insightfinderapp folder in $SPLUNK_HOME/etc/apps/ and any insightfinderapp folders in user directories under $SPLUNK_HOME/etc/users, then restart Splunk: $SPLUNK_HOME/bin/splunk restart

Cluster
Delete the insightfinderapp folder in $SPLUNK_HOME/etc/shcluster/apps/ and distribute with $SPLUNK_HOME/bin/splunk apply shcluster-bundle ... -force true

Release Notes

Version 2.1.0
Nov. 4, 2019

Updated for full compatibility with
* Single and Clustered environments
* Splunk 7.x and 8.0
* Python 2 and Python 3

Version 2.0.0
Oct. 17, 2019

Fixed compatibility with Search Head Clusters.

Version 1.8.4
July 26, 2019

InsightFinder App for Splunk now accepts processed data ("event_message") by default. To send raw data please include the argument "sendRaw" in your search query. Visit the Details page for more information.

Version 1.8.3
June 26, 2019

InsightFinder App for Splunk now accepts processed data ("event_message") by default. To send raw data please include the argument "sendRaw" in your search query. Visit the Details page for more information.

Version 1.8.2
April 1, 2019

InsightFinder App for Splunk now sends processed data ("event_message") by default instead of raw data. To send raw data you must include an extra parameter "sendRaw" when running a query. See the Details page for further information.

Version 1.8.1
Nov. 27, 2018

* Updated Server URL check to be compatible with InsightFinder back-end change

Version 1.8.0
April 14, 2018

Improved chunking for replaying large quantities of logs

Version 1.7.9
Feb. 20, 2018

Version 1.7.8
Feb. 8, 2018

Updated Readme
Added Setup Screen
Enforced https on InsightFinder app URL

Version 1.7.7
Feb. 5, 2018

Version 1.7.5
Jan. 23, 2018

Version 1.7.4
Oct. 9, 2017

Version 1.7.3
Sept. 22, 2017

Version 1.7.2
Sept. 21, 2017

Version 1.7.1
Sept. 18, 2017

Version 1.7
Sept. 14, 2017

Version 1.6.3
Sept. 11, 2017

Version 1.6.2
Sept. 11, 2017

Version 1.6.1
Sept. 6, 2017

Version 1.6
Sept. 5, 2017

Version 1.5
Sept. 4, 2017

Version 1.4
Aug. 8, 2017

Version 1.3
Aug. 8, 2017

Version 1.2
March 17, 2017

Updated scripts sending data to and fetching data from InsightFinder server.

Version 1.1
Nov. 13, 2016

Version 1.0
Aug. 25, 2016
