iControl can be installed in standalone, independent search heads or search head clustered instances of Splunk (version 7.0+). It uses a service account with access to a predefined set of indexes (configured by role-based permission*) to search for events matching a list of preconfigured Splunk event types. iControl is interested in only four types of data:
Timestamps, used to calculate process durations, cut-off times, etc. Ex: 20-01-2019T15:03:09+01:00
Event counts, used to calculate the total number of items in a queue, file, database output, etc. Ex: 50
A reference (single or multiple strings), used to link raw data to a target. Ex: Mon_Pnt_01
key-value pair (mainly strings or boolean) indicating the status of a given process. Ex: processStatus=up
iControl will NOT read/write any personal data (account names, account numbers, social security numbers, etc). It is important to stress that the application is used to monitor and report on the performance of business flows AND NOT the status of a particular business process at a given point in time.
To perform these calculations, the engine will process in the background the metrics listed above and evaluate their results against pre-configured thresholds. The results of the calculation (either "Breached" or "Not Breached") will be stored in a KV Store (used for real-time status reporting) and in an index (used for historical reporting).
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.