Online Documentation: https://trackme.readthedocs.io
ITSI integration: https://trackme.readthedocs.io/en/latest/itsi_integration.html
This project is hosted in GitHub: https://github.com/guilhemmarchand/trackme
Open an issue: https://github.com/guilhemmarchand/trackme/issues
REST API reference manual: https://trackme.readthedocs.io/en/testing/rest_api_reference.html
Dependencies:
Since TrackMe 1.2.0, there are dependencies:
Installation:
See instructions: https://trackme.readthedocs.io/en/latest/deployment.html
TrackMe runs on the search heads only (or monitoring console host if you decide to deploy TrackMe in this instance), the only indexer level dependencies is the definition of an event index and a metric index. TrackMe should not be deployed to the indexers or any level of forwarders.
- Feature - Issue #266 - ID cards - Wildcard matching for ID cards allowing matching any number of entities for the same card using wildcards and your naming conventions
- Enhancement - Issue #268 - Backup and Restore - Perform an additional get call in the Backup operation to automically discover any missing backup files
- Fix - Issue #267 - Backup and Restore - Python2 compatibility issues with Splunk 7.x
- Fix - Issue #261 - SLA - SLA reporting should honour allow/block list and not monitored entities #261
- Fix - Issue #266 - ID cards - Updating an existing card within the UI removes other associations with the card that is updated
- Fix - Issue #270 - REST endpoint resources groups wrong exposure for Splunk Web proxied behaviors
SHA-256: 04245537a41766138bcf4a64e9a9fee0fd2be2ed4bbcb5cf01325f5728e79bca
- Feature - Issue #249 - CRIBL native integration - TrackMe can now be configured to be transparently reliying on the Cribl pipeline concept to discover and track data sources based on the cirbl_pipe to provide an easy and performing integration
- Feature - Issue #250 - new blocklisting capabilities based on the data_name for data sources
And many more.
See: https://trackme.readthedocs.io/en/latest/releasenotes.html
SHA-256: c025b596eb3fb1aaec79299f1c73664523233ded8aafab5716a5097af1087f43
- Enhancement - Issue #241 - KVstore backup and restore - Improved workflow with Metadata recording of backup archives, new dashboard providing insights on the workflow and its features
- Fix - Issues #242 - UI - interfaces like lagging classes, allow and block listing should not remove the search input form if there are no results found
SHA256: 644843ebd65fc2b6bdc71f1b57882383dc03a38cdac439782a579b1c6b86d78b
- Fix - Appinspect failures due to CSV lookup files not referenced as lookups (non Cloud failure)
- Enhancement - Issue #230 - data host over time and single search performance improvements
- Enhancement - Issue #222 - Automatically Backup Main KV Store collections, provide endpoints for backup and restore operations
- Enhancement - Issue #232 - REST API and tooling - Provide a new app nav menu and a new dashboard to demonstrate the REST API endpoints and the usage of the trackme API in SPL commands
- Fix - Issue #231 - UI - reduce the max number of entries in the tag policies screen (goes beyond the modal limitation)
- Fix - Issue #233 - Smart Status - orange state due to week days monitoring is not properly handled
- Fix - Issue #235 - Data sources - Week days monitoring rules are not honoured if triggering due to dcount host
- Fix - Issue #236 - Data sources - status message is inaccurate if data source is in data sampling alert but week days monitoring rules are not met
- Feature: Introducing the trackme REST API wrapper SPL command, allows interracting with the TrackMe REST API endpoints within SPL queries!
- Feature: Introducing the smart status REST API endpoints, performs advanced status correlations and investigations easily and automatically, within the UI, as part of an alert action or within your third party automation!
- Feature: REST API endpoint for Data Sampling - allow reset and run sampling
... And more!
See: https://trackme.readthedocs.io/en/latest/releasenotes.html
- Feature - Issue #210 - new REST API endpoints for Elastic Sources / Logical Groups / Data Sampling / Tags Policies / Lagging Classes / Lagging Classes Metrics
- Feature - Issue #212 - Data sampling - Allows defining exclusive rules for data sampling custom models, this can be used when a regex must not be matched, such as detecting PII data automatically
- Feature - Issue #214 - Data sampling - Allows defining a custom number of records to be sampled on a per data source basis
- Feature - Issue #215 - Data Hosts - Support for priority based lagging classes
- Fix - Data sampling - Clear state and run sampling action would fail if actioned on a data source which data sampling has not run yet at least once, fixes and UI improvements for Data sampling
- Change - Issue #213 - knowledge objects default permissions - Review of the app related KVstores default permissions, fixing missing collections and transforms
- Feature Issue #205 - Introduction TrackMe REST API endpoints for automation integration and future UI evolutions (https://trackme.readthedocs.io/en/latest/rest_api_reference.html)
- Feature Issue #209 - Feature - Provides a new mode for data sources to allow by index level analysis
- Fix Issue #208 - Fix - creating a rest based search causes regression in the data sampling and event recognition engine
- Feature Issue #201 - Elastic Sources - Support for lookup tracking with from commands
- Feature Issue #202 - Elastic Sources - Support for remote searches using rest
- Fix Issue #203 - Provides a macro based definition for first level span of Metrics trackers
- Change: Upgrade of splunklib Python SDK to latest release 1.6.14
https://trackme.readthedocs.io/en/latest/releasenotes.html#version-1-2-27
- Feature: Issue #186 - Data sampling - during the creation of a custom rule, its scope can now be restricted to a list of specific sourcetypes to dedicate custom rules and avoid rules overlapping issues
- Feature: Issue #188 - SLA calculation migration from flipping statuses events to current statuses events for reliable results / SLA dashboard improvements / Drilldown from SLA single percentage in TrackMe main UI to SLA dashboard
- Feature: Issue #190 - UI improvements - provide quick access to data sampling custom rules in the main data sources tab, unify trackers manual run for data sources and hosts in a single button and window
- Feature: Issue #191 - UI improvements - Load spinner at TrackMe loading stage, Spinner design refresh globally in TrackMe
- Feature: Issue #181 - Disable data sampling on demande via the UI #181
- Fix: Issue #180 - Outliers detection impacts offline data such as low frequency batched data sources #180
- Fix: Issue #182 - Data sampling - Manual run, Clear state and run sampling UI period constraint is too short for cold data sources #182
- FIx: Issue #183 - Data Sampling - number of entities to process calculation can lead to no entities being processes #183
- Feature: Issue #153 - For ITSI and timeline integration purposes, generate and store last states information as summary events #153
- Feature: Issue #141 - Enhancement - ability to search for hosts in Data Hosts Tracking by Logical Group Name #141
- Feature: Issue #148 - Enhancement: Allow 'NOT' filter for Keyword filter name: #148
- Feature: Issue #166 - Enhancement - Provides a UI feature to allow reseting the list of metrics known for a given metric host
- Feature: Issue #174 - Enhancement - Adding the timeline viz view in the status tabs #174
- Fix: Issue #147 / Issue #161 Outliers management and configuration - fixes and improvements
- Fix: Issue #167 - Issue - Pressing "Manage: manual tags" displays dialog with ALL tags in "List of current tags for this data source" field #167
- Fix: Issue #170 - install_source_checksum should not be in app.conf (appinspect warning) #170
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.