icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading TrackMe
SHA256 checksum (trackme_1223.tgz) a80e106497acd4eeb7f26ccb8ff02e7aecacf1ad9d20b50fe491c13ddea763b1 SHA256 checksum (trackme_1222.tgz) 1df0ffeff9fb34494a29c26ddde0330bbe4fd9e9cfc3452c595bd03bb753df37 SHA256 checksum (trackme_1221.tgz) 14909f67bdc1dc284bbbd1235abcd115617c622c30807d68d1638109229af9ca SHA256 checksum (trackme_1220.tgz) cbae715ecc7d1f7d52c12b31c5a580fcddd5d7e5c1a81f8512c3b75fffe40795 SHA256 checksum (trackme_1219.tgz) fb6e49d60a010a8013a9296c178cb5df2c0bee2f9c9c58ed9af6ed5f6eb616d0 SHA256 checksum (trackme_1218.tgz) 05ac471bdb419453e0a2647891d568bebe6d758dc040481a4c085a18996c4516 SHA256 checksum (trackme_1217.tgz) bf84ba3187aca93f9bd55a730161934b017b9bb29382983fc9508d26b1f93f7a
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate


Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
The Splunk TrackMe application provides automated monitoring and visibility insight of your data sources availability, with a powerful user interface and workflow for Splunk product owners to detect and alert on failures or abnormal latency:

- Discover and store key states information of data sources, data hosts and metric hosts availability
- Provides a powerful user interface to manage activation states, configuration and quickly trouble availability failure detection
- Analyse and detect lack of data and performance lagging of data sources and hosts within your Splunk deployment
- Behaviour analytic with outlier detection based on machine learning outliers calculations
- Behaviour analytic with data sampling and event format recognition, monitor and detect anomalies in raw events to detect event format changes or misbehaviour
- Create elastic sources for any kind of custom monitoring requirements based on tstats / raw / mstats / from searches to fullfill any requirements
- Record and investigate historical changes of statuses, as well as administrators changes (audit flipping and changes)
- Easy administration via graphical human interface from A to Z

No matters the purpose of your Splunk deployment, trackMe will easily become an essential and easy piece of your deployment, and even providing efficient answers to PCI and compliance requirements
Keep things under your control and be the first to know when data is not available, get alerted before your users get back to you!

Why this application?

Splunk administrators and engineers have to spend a good amount of time and energy to on-board new data sources, another data source after another data source.

However, it is very frequent to realise after math that something went wrong, for some reason the sender stopped sending, an upgrade broke a configuration, a network rule was lost…

No administrator should be informed of an issue in the data flow by the customer or end users, this is why you need pro-activity and costless availability monitoring.

with the massive amount of data sources, this becomes easily a painful and time consuming activity, this application aims to drastically help you in these tasks.

TrackMe provides a handy user interface associated with an efficient data discovery, state and alerting workflow.

Made by Splunk admins for Splunk admins, the TrackMe application provides builtin powerful features to monitor and administer you data source monitoring the easy way!

See: https://trackme.readthedocs.io

Online Documentation: https://trackme.readthedocs.io

This project is hosted in Github: https://github.com/guilhemmarchand/trackme

Open an issue: https://github.com/guilhemmarchand/trackme/issues


Since TrackMe 1.2.0, there are dependencies:

Release Notes

Version 1.2.23
Sept. 26, 2020


This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:

- Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
- Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890

TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):

- Fix: Exclusion of metrics generated by TrackMe itself would exclude other metrics generated on the same search head
- Fix: Issue #151 - error handling does not catch a failure during the creation of a new elastic source #151
- Fix: Issue #154 - Splunk Cloud vetting - capability in role will not be be granted #154
- Fix: Issue #155 - Splunk Cloud - In some specific contexts, Elastic source dedicated tracker creation fails #155

Version 1.2.22
Sept. 18, 2020

- Feature: Extending the Tags features with tags policies, this feature provides a workflow to automatically define tags using regular expressions rules matching the data_name value and its naming convention
- Feature: Improved views for Ops queues (renamed to Ops: Queues center) and Ops parsing, multi hosts selector, improved analytics
- Fix: Issue #131 - The enable data source action does not preserve the current value of data_lag_alert_kpis in the collection, which ends as a null value
- Fix: Issue #138 - Typo in the metrics screen, Metrics categories was mispelled
- Fix: Issue #139 - TrackMe metrics should be excluded out of the box from the metrics tracking
- Fix: Issue #142 - Disabing Acknowledment is broken due to the add comment feature introduction
- Fix: Issue #144 - Ack disable should use the comment for update if any #144
- Change: Include the priority value when generating the flipping status summary events
- Change: Do not load the raw_sample field when during the execution of data sources track

Version 1.2.21
Sept. 1, 2020


- Feature: Introducing a new very hot feature! Data sampling and event format recognition is a new workflow that allows monitoring the event formats behaviour by processing automated sampling of the data sources and monitoring their behaviour over time, builtin rules are provided and can be extended with custom rules to handle any custom data format
- Feature: Introducing the new tags capability, you can now add tags to data sources, tags are keywords which can be set per data source to provide new filtering capabilities
- Fix: When using a custom Splunk URI path (root_endpoint in web.conf), internal calls to splunkd made the UI can fail if splunkd does not accept the root context and only accepts the custom root context
- Fix: When creating new dedicated elastic sources, if the search result name exceeds 100 characters, this results in a silent failure to create the new source

Version 1.2.20
Aug. 4, 2020

This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:

- Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
- Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890

TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):

- Fix: getlistdef.py custom command fails with a Python decode error if running in a Python3 only instance
- Fix: Allowlist / Blacklist and similar deletion checkbox may fail to refresh the window content properly upon record(s) deletion
- Change: UI rendering improvements
- Fix: For metric hosts, logical group mapping generates false positive status flipping events, blue hosts should not appear in single count of hosts in alert, refresh button should respect the current blue status
- Fix: For data hosts, logical group mapping (blue hosts) should not appear in single

Version 1.2.19
July 27, 2020

- Feature: Improved rendering of the ingestion lag and event lag metrics for data sources and hosts modal windows (new single for event lag, automatically converted to a duration format)
- Feature: over KPI alerting option, this new feature allows for data sources and data hosts entities to choose which KPI to be alerting against, between all KPIS, lag ingestion KPI only or lag event KPI only.
- Feature: Improved look and feel of modal windows with a header color scheme based on the action performed
- Fix: In table checkbox CSS code fix to get square shape instead of a rectangle
- Fix: In auto lagging definition modal windows, the current modal window should be hidden automatically when the action is executed
- Fix: Minor fix of input forms spacing in the main UI related to the keyword search text input box
- Fix: Alignment of header separator issues with Firefox for the main modal Windows
- Change: Remove data_index and data_sourcetype in the table output for data sources as the data_name field

Version 1.2.18
July 13, 2020

- Fix: Builtin alerts should do not honour index allowlisting (for entities created before allowlists were configured)
- Change: In support with the elimination of long term used negative words in IT, whitelist and blacklist concepts are replaced with allowlist and blocklist concepts
- Fix/Feature: UI improvement with a checkbox in table approach to provide deletion capabilities on the different screens such as allowlist and blocklist, in some circumstances the drilldown approach was causing trouble with unexpected closure of the modal window
- Fix: Outliers generation with mstats and the append=true mode fails in some distributed architecture, the single schedule report is replaced with a scheduled per potential period configured for entities, in a high performing fashion and capable of dealing with any number of entities
- Fix: Active links such as opening in a search a data source might get broken in some environments when using a custom Splunk URI path (root_endpoint in web.conf)

Version 1.2.17
July 5, 2020

- Fix: Outliers detection framework issues (some parameters are not properly honoured due to regressions in prior versions)
- Fix: When modifying outliers configuration on Elastic sources, entities could be temporary stated in red state due to entity refresh started as a background action, while for Elastic searches the combo index/sourcetype might not refer to real values depending on their configuration
- Fix: Outliers simulation under some circumstances can show discrepancy in results regarding results which would be calculated once applied
- Feature: Improved refresh capabilities for data sources and automatically define the best suitable search depending on the type of the data source (standard, shared or dedicated Elastic source)


Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2020 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.