icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading OverOps for Splunk
SHA256 checksum (overops-for-splunk_130.tgz) baa30eba1d06a417abeddc72c00c0e9cc47b7a0dd40089d65db114c0955618a6 SHA256 checksum (overops-for-splunk_120.tgz) 6da1c074fd46b62e86de791700cc6689586bce2222ee9e6398c0911d9b169f18
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

splunk

OverOps for Splunk

Splunk Cloud
This app is NOT supported by Splunk. Please read about what that means for you here.
Overview
Details
OverOps can provide net new machine data beyond log files, that will help to enhance and extend your Splunk implementation. While log files provide some value, OverOps collects unique data at the moment of application execution that gives complete insight into an error or an exception. And this granular information has proven to be extremely useful inside of Splunk. See https://www.overops.com/splunk site for more information.

Visualize OverOps data for insights into overall quality and reliability of applications and services. DevOps & SREs view overall application health with KPIs, like uncaught & swallowed exceptions, logged & HTTP errors, new & resurfaced errors, & more. The VP of Eng & Dev Leads see errors by application & specific code locations with correlations to throughput. Quality Engineers & SREs see new errors that have been introduced to individual builds to determine whether it is safe to promote code.

OverOps for Splunk Application

See the OverOps Splunk integration site for more information.

With real-time streaming of events & metrics from OverOps directly into Splunk, SREs, DevOps and IT Ops can gain clarity of overall application health as visualized in Splunk Metric Dashboards through key performance indicators, such as the number of unique uncaught and swallowed exceptions, and errors that are new or have resurfaced. You can’t find those in log files, but now you can with OverOps data inside of Splunk!

Installation procedure for the Splunk app:

Estimated effort: 5 minutes

The OverOps for Splunk application is compatible with OverOps v4.18 and higher. Use of any previous versions may omit some OverOps tokens and require modication to the Splunk application. Nonetheless, use of this application will provide a great head start into gaining value from the data from OverOps into Splunk.

The OverOps Administrator will need to perform these tasks from within the OverOps user interface:

  1. Turn statsd on from publish metrics. (Settings -> Publish Metrics)

  2. Define the statsD server address (this reflects a Splunk UDP data input on port 8125)

splunk-server-name-here:8125 

The OverOps metrics should be defined as the following:

overops_views,${viewname},${serviceid},${application},${server},${deployment}

overops_events,${serviceid},${application},${server},${deployment},${class},${method},${eventlink},${eventid},${labels},${eventtype},${eventname},${introducedby},${entrypointclass},${entrypointmethod},${firstseen},${infra},${jiraissuekey}

overops_entrypoints,${serviceid},${application},${server},${deployment},${entrypointclass},${entrypointmetrics}

overops_custom,${serviceid},${application},${server},${deployment},${metric}

overops_jvms,${serviceid},${application},${server},${applicationpid}

alt text

The Splunk Administrator will need to perform these tasks from within Splunk:

Note this app utilizes a new events index within Splunk called overops. A new UDP data input is also required in Splunk, recommended on port 8125. Note: An administrator will need to complete these when upgrading to a new version of the app.

  1. Download and Install the OverOps for Splunk app from splunkbase.

  2. Create New Index ( Settings -> Indexes -> New Index )
    a. index name = overops
    b. index data type = Events

  3. Create New Data Input ( Settings -> Data inputs -> UDP -> New Local UPD )
    a. Choose UDP
    b. Port: 8125 (Recommended port. This port should be provided to the OverOps Administrator to publish metrics.)
    c. Source Type: Select -> Metrics -> statsd
    d. App Context: OverOps for Splunk(overops)
    e. Index: overops
    f. Validate the new port can be accessed from the server command line where the OverOps collector is installed.

nc -v -u splunk-server 8125
  1. View the OverOps for Splunk app. ( Apps -> OverOps for Splunk )

  2. Edit Drill-down to OverOps Root Cause Analysis: Drill-through links to the OverOps root cause analysis will need to be updated with administration access. The dashboards are Event Details, Application Drill-down, Application Drill-down-drillthrough and Continuous Reliability. In each of these dashboards, there is a table visualization.
    Edit dashboards -> More details -> Edit Drilldown -> Link to custom URL

For SaaS or Hybrid model:

https://app.overops.com/tinykey/$row.RootCause|n$

or
For On-Premise model:

https://on-prem-overops-server-here/tinykey/$row.RootCause|n$

Please be aware that some visuals in the Real-Time Application State dashboard will take a couple days to populate as there are some day over day comparisons, hence the index will need to be filled with the appropriate data.

Reports and Dashboards within OverOps for Splunk

Real-Time Application State

For DevOps, IT Ops, and SREs can evalutate the overall application health as visualized through key performance indicators, such as the number of unique uncaught and swallowed exceptions, and errors that are new or have resurfaced.
alt text

Continuous Reliability

For SREs and QA Engineers, identify what builds and deployments have introduced new errors into your code, so you can make informed decisions on when to promote code from environment to environment.
alt text

Application Drill-down, Exception Analysis, Log Error & Warning Analysis

For the VP of Engineering and Development Leads in your organization, access OverOps data inside Splunk to aggregate specific code locations where errors and exceptions are most prevalent in your code base, and correlate error volumes to application throughput for error rate analysis.
alt text
alt text
alt text

Infrastructure Drill-down ( drill to this report from the "Events by Tier vs Throughput" time chart within Real-Time Application State )

For the VP of Engineering and Development Leads to analyze errors and exceptions by infrastructure tiers, such as db, apache, google, etc, and then immediately go to root cause analysis.
alt text

Event Details ( drill to this report from any of the volume metrics from within Real-Time Application State )

Help Development Leads cut through the noise as OverOps can deduplicate billions of logged events into accurate analytics inside Splunk, without the need to parse and search through text.
alt text

Release Notes

Version 1.3.0
Oct. 5, 2018
  1. New drill-down report for infrastructure view. The drill-down is reached from the the Real-Time Application State, Events by Tier view.
  2. Updated table-output searches so that the searches return a null table when no results are returned.
  3. Updated a search in the Real-Time Application State for new errors KPI, to limit records for better performance.
  4. Modified filter parameter for event_type to be a drop-down in Real-Time Application State.
  5. Fix for missing parameter filter in application drill-down query.
Version 1.2.0
Sept. 21, 2018
  1. Added annotations to time charts to see when new deployments were deployed
  2. Minor updates to queries for performance considerations and readability
  3. Fix for cascading prompt
10
Installs
259
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.