Python compatibility: TrackMe is fully compatible with Python3 only environments
Online Documentation: https://trackme.readthedocs.io
ITSI integration: https://trackme.readthedocs.io/en/latest/itsi_integration.html
Cribl Logstream integration: https://trackme.readthedocs.io/en/testing/cribl_integration.html
This project is hosted in GitHub: https://github.com/guilhemmarchand/trackme
Open an issue: https://github.com/guilhemmarchand/trackme/issues
REST API reference manual: https://trackme.readthedocs.io/en/testing/rest_api_reference.html
Dependencies:
Since TrackMe 1.2.0, there are dependencies:
Installation:
See instructions: https://trackme.readthedocs.io/en/latest/deployment.html
TrackMe runs on the search heads only (or monitoring console host if you decide to deploy TrackMe in this instance), the only indexer level dependencies is the definition of an event index and a metric index. TrackMe should not be deployed to the indexers or any level of forwarders.
- Enhancement - Fix Issue #343 - REST CALL - use nobody context to optimize rest calls performance in large scale environments
SHA-256: 04655d6284b7993b0756970395989edcf683dae24de02d71950f739e90100673
- Enhancement - Issue #335 - addresses memory overhead of the metric trackers using span=1s by default
- Fix - Issue #336 - Fix - SmartStatus - future tolerance macro is not taken into account by the endpoint
- Fix - Issue #333 - Nav - Wrong search for metric hosts allow list collection
- Fix - Issue #337 - Data sources - Short term tracker run via the UI should use latest=+4h, long term tracker should match savedsearch earliest=-24h latest=-4h
- Fix - Issue #338 - Splunk 8.2 regression in rootUri for UI TrackMe manage drilldowns to macro due to a root URL change in manager
- Fix - Issue #339 - Data sources - Data source overview chart tab should honor the trackme_tstats_main_filter macro
- Change - Nav - remaining whitelist and blocklists terms
SHA-256: eb4a88c099cec331a140a1d01bd50f80f1933e72dba070300be770b4ad10686b
- Fix - Issue #328 - Data host - Regex based block lists are not honored as documented
- Fix - Issue #329 - Data host - Splunk 8.2 regression with multivalue aggregation caused by a change in behaviour
- Change: Update splunktaucclib to 4.2.0
- Change: Update splunktalib to 1.2.1
SHA-256: 028320f7b844ec7174dd3b0f7b6759c55e2fa81b38d5602f1203f1397ce833a8
- Enhancement - Issue #327 - Smart Status - Add search history quick access button in Smart Status screens
- Fix - Issue #324 - Lagging classes - lagging classes applying at the same level (all/data_source/data_host) for different types of objects and the same name are not honoured properly due to a logic default in the lookup mapping
SHA-256: dc49675ed78f0220f93831290f6264e9e72b769b2e0e034fe9e4bd84c73c6c6c
- Feature - Issue #312 - Migration from Addon Builder based libs to Splunk Addon factory UCC based libs
- Feature - Issue #316 - Provides day time filtering options when creating custom alerts
SHA-255: dd486556c13546072a4c98e5d3de7637f0bec037d7409f57e8e44bb4e899bd9d
- Fix Issue #310 - Alert actions - Dropdown object in Smart Status tab rendering errors
SHA-256: 8dd8ce8341494d5bfe5dc56a58d3dd9aec7d325fc2a4e50db21972f22bf09760
This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:
- Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
- Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
- Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
- Splunk SA CIM - Splunk Common Information Model, Splunk Base: https://splunkbase.splunk.com/app/1621
TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
https://trackme.readthedocs.io/en/latest/configuration.html
- Fix Issue #308 - Alert actions - extraction failure for Smart Status in the UI for rendering purposes
SHA-256: e374c88b4eae86bcc316b0f8c644687d226f068c7ef5e370a60dbb6a5d0ca10e
This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:
- Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
- Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
- Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
- Splunk SA CIM - Splunk Common Information Model, Splunk Base: https://splunkbase.splunk.com/app/1621
TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
https://trackme.readthedocs.io/en/latest/configuration.html
- Feature - Issue #306 - Alert actions - UI enhancements
- Fix - Issue #305 - Custom alerts - created alerts should set alert.digest_mode
SHA-256: 3d38f397569904ae956b91ab57b96bf8c9c406cf6fb3a380858459918667708c
**CAUTION:**
This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:
- Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
- Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
- Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
- Splunk SA CIM - Splunk Common Information Model, Splunk Base: https://splunkbase.splunk.com/app/1621
See releases notes: https://trackme.readthedocs.io/en/latest/releasenotes.html
- Enhancement - Issue #297 - Performances - Long term tracker improvements
SHA-256: 7717f9b532f16274d817e23024232e780d28cffc871b41c7b0c7af4c7abfb748
- Fix - Issue #287 - Since version 1.2.37 most of interractions in the UI are made via TrackMe rest endpoints, however the capability list_settings is required for non privileged users and should be added to the trackme_admin role
SHA-256: b5af9d1568dd7aa221aa0e99c23c6640a75c08f19161a318808d6ab1922c0605
- Enhancement - Issue #279 - Decomission of the getlistdef custom command in favor of a simpler and cleaner pure SPL approach
- Enhancement - Issue #280 - Add new REST endpoint to manage logical group associations
- Enhancement - Issue #285 - Flipping statuses workflow improvements
- Change - Issue #275 - permissions - provides a builtin trackme_user role to handle the minimal non admin access for TrackMe
- Change - Issue #276 - User Interface - Migration of Ajax javascript REST calls made within the UI from splunkd to TrackMe based API endpoints
- Change - Issue #278 - Upgrade of splunklib Python SDK to latest release 1.6.15
- Fix - Issue #273 - User Interfaces - Several searches should not kick off start at TrackMe main UI loading time
- Fix - Issue #274 - Data Sources - tags dropdown can render unwanted results when no tags are defined
- Fix - Issue #277 - REST endpoint - the endpoint ds_update_min_dcount_host should allow any as the input
- Feature - Issue #266 - ID cards - Wildcard matching for ID cards allowing matching any number of entities for the same card using wildcards and your naming conventions
- Enhancement - Issue #268 - Backup and Restore - Perform an additional get call in the Backup operation to automically discover any missing backup files
- Fix - Issue #267 - Backup and Restore - Python2 compatibility issues with Splunk 7.x
- Fix - Issue #261 - SLA - SLA reporting should honour allow/block list and not monitored entities #261
- Fix - Issue #266 - ID cards - Updating an existing card within the UI removes other associations with the card that is updated
- Fix - Issue #270 - REST endpoint resources groups wrong exposure for Splunk Web proxied behaviors
SHA-256: 04245537a41766138bcf4a64e9a9fee0fd2be2ed4bbcb5cf01325f5728e79bca
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.