TrackMe
Overview
Details
- Discover and store key states information of data sources, data hosts and metric hosts availability
- Provides a powerful user interface to manage activation states, configuration and quickly trouble availability failure detection
- Analyse and detect lack of data and performance lagging of data sources and hosts within your Splunk deployment
- Record and investigate historical changes of statuses, as well as administrators changes (audit flipping and changes)
- Easy administration via graphical human interface from A to Z
- No matters the purpose of your Splunk deployment, trackMe will easily become an essential and easy piece of your deployment, and even providing efficient answers to PCI and compliance requirements
- Never let again your team be the last to discover what empty and no results found mean!
Why this application?
Splunk administrators and engineers have to spend a good amount of time and energy to on-board new data sources, another data source after another data source.
However, it is very frequent to realise after math that something went wrong, for some reason the sender stopped sending, an upgrade broke a configuration, a network rule was lost…
No administrator should be informed of an issue in the data flow by the customer or end users, this is why you need pro-activity and cost less availability monitoring.
with the massive amount of data sources, this becomes easily a painful and time consuming activity, this application aims to drastically help you in these tasks.
This tiny application provides a handy user interface associated with a simple but efficient data discovery, state and alerting workflow.
Made by Splunk admins for Splunk admins, the TrackMe application provides builtin powerful features to monitor and administer you data source monitoring the easy way!
Use case for TrackMe?
No matters the purpose of your Splunk deployment, trackMe will easily become an essential and positive piece of your Splunk journey:
- Security Operation Centers (SOC) with or without Enterprise Security compliance: detect lack of data, abnormal latency potentially impacting your security posture
- PCI and compliance: deliver, alert and action
- Monitoring and insight visibility about your indexes, sourcetypes, events and metrics
- General data activity monitoring and detection of Zombie data
Online Documentation: https://trackme.readthedocs.io
This project is hosted in Github: https://github.com/guilhemmarchand/trackme
Open an issue: https://github.com/guilhemmarchand/trackme/issues
Release Notes
Version 1.0.35
Version 1.0.35:
- fix: Ops indexers queues issue, first queue should be splunk tcpin queue
Version 1.0.34
Version 1.0.34
- feature: introduction of the concept of source identity card, allows defining and store a documentation link and note for data sources, which identity cards are made available automatically via the UI and via the OOTB alert. Identity cards records can be created, maintained and deleted via the UI.
- feature: increase default size of modal windows
- feature: fixed charts color for data sources and data hosts events vs lag embedded charts
- feature: add last 48 hours in link time selectors
Version 1.0.33
Version 1.0.33
- fix: Avoids post processed searches in the Mobile dashboard, better single form placement for Apple TV rendering
Version 1.0.32
- fix: Performance issues with TrackMe mobile dashboard on mobile devices
- fix: TrackMe does not honour indexes whitelisting for metric hosts
- fix: Add metric host lookup in initial configuration load check operation
- fix: Wrong message for flush of metric KVstore collection
- feature: Remove management features from main UI to be transferred to a second management UI available from the nav menu
Version 1.0.32
Version 1.0.32
- fix: Performance issues with TrackMe mobile dashboard on mobile devices
- fix: TrackMe does not honour indexes whitelisting for metric hosts
- fix: Add metric host lookup in initial configuration load check operation
- fix: Wrong message for flush of metric KVstore collection
- feature: Remove management features from main UI to be transferred to a second management UI available from the nav menu
Version 1.0.31
Version 1.0.31
- fix: Regression in flipping state introduced by metric implementation, does not trigger anymore for events indexes
- feature: Add auditing view to report on application scheduling search workload
- feature: Nav menus re-organised
Version 1.0.30
Version 1.0.30
- fix: Splunk Mobile Dashboard does not honour whitelist and blacklists for data sources
Version 1.0.29
Version 1.0.29
- fix: errors in Splunk Mobile dashboard (Any priority SLA alerts singles do not filter on red state)
- fix: better table rendering in Splunk Mobile dashboard for metric hosts
Version 1.0.28
Version 1.0.28:
- feature: Introducing support for metric store availability monitoring with metric hosts and granular detection of metric availability failure and latency
- feature: Refresh button in all modal windows, improved placements for buttons, improved navigation coherence between modal windows
- fix: data host modal embedded charts and table should honour tstats main filter, whitelists and blacklists
- fix: Improved Mobile dashboard
- fix: appinspect failure with metric_host variable replacement in "trackMe - metric host live report" report
- fix: appinspect failure with metric_host variable replacement in "trackMe - metric per host table report"
- fix: collection key id retrieval fails if a metric category has been blacklisted for an existing object
Version 1.0.24
Version 1.0.24:
See: https://trackme.readthedocs.io/en/latest/releasenotes.html
- feature: Whitelisting major improvement with UI supported and driven whitelisting of indexes at data discovery and search time (Issue #27)
- feature: Improve builtin choices for time input link selection within modal windows
- feature: Abstract tracker saved searches to remove useless code redundancy
- fix: Remove auto-refresh search link for searches which shouldn’t be refreshed automatically (audit changes & flip, various collection management)
- fix: Drilldown on any priority entities in alert should define monitored_state to enabled
- fix: Monitor split share percentage error (Single forms shall share 25% each)
- fix: Lagging class auditing can register an incorrect type of operation
- fix: error in lib path call to the new custom command for whitelisting
- fix: appinspect failure related to issue above
- fix: appinspect failure to local=true in commands.conf
...
Version 1.0.21
- feature: Introducing a priority (low/medium/high) concept to ease granular alerting of data sources and hosts
- feature: Home landing page reviewed to expose data sources and host and any alert, and with high priority in alerts
- feature: Colored vignette design in modal window to ease investigating statuses
- feature: Default OOTB alerts now filter on red, and medium (default priority) or high priority entities
- feature: Improvement of OOTB alerts (outputs by default human readable time stamps for key fields)
- feature: TrackMe Mobile dashboard for dark theme summary view compatible with Splunk Mobile Experience (Apple TV, Mobile)
- feature: Improved navigation for unified modification modal windows
- feature: Drilldown on single forms, defines filtering based on the single form purpose
- feature: Manage and configure tab in main UI, access to reset collections functions or key macros definition and short cuts
- fix: (review https://trackme.readthedocs.io/en/latest/releasenotes.html#version-1-0-21)
Version 1.0.20
Version 1.0.20
- fix: Issue #34: Lagging class override for data_source is not registered properly
Version 1.0.19
Version 1.0.19:
- Fix: Issue #32, if the data is offline for a long period that is out of the scope of the long term trackers, the last lag seen in seconds is not properly updated at each run time of the trackers.
Version 1.0.18
Version 1.0.18
- Fix: data index dropdown shouldn’t itself be filtering on selected index
Version 1.0.17
Version 1.0.17
- Feature: Unified update modal Windows for data source and host modification
- Feature: Suspension effect when modification of entity is registered
- Fix: Prevent bootstrap button to remain focused once clicked
Version 1.0.16
Version 1.0.16:
- Fix: Dropdown populating issues caused by 1.0.15 update
Version 1.0.15
- Feature: Provide a time range picker for audit flipping and audit changes investigations
Version 1.0.15
Version 1.0.15
- Feature: Provide a time range picker for audit flipping and audit changes investigations
Version 1.0.14
Version 1.0.14
- Fix: Flipping chart over time should be stacked
Version 1.0.13
Version 1.0.13
- Fix: Flipping object dropdown populating issue
Version 1.0.12
- Fix: Flipping audit tracker is not filtering on monitored entities
Version 1.0.11
- Feature: Introducing status flipping audit and investigation to record and report on historical changes of data sources and hosts status
Version 1.0.12
Version 1.0.12:
- Fix: Flipping audit tracker is not filtering on monitored entities
Version 1.0.11:
- Feature: Introducing status flipping audit and investigation to record and report on historical changes of data sources and hosts status
Version 1.0.11
Version 1.0.11
- Feature: Introducing status flipping audit and investigation to record and report on historical changes of data sources and hosts status
Version 1.0.10
Version 1.0.10
- Feature: Provides a trackme_admin role with relevant default meta configuration to allow granular access control for non admin users
Version 1.0.9
Version 1.0.9
- Fix: bad reference to a group in default Meta
Version 1.0.8
Version 1.0.8
- Feature: Add dropdown filters for data host monitoring (data_index, data_sourcetype)
- Feature: Improve filtering logics
Version 1.0.7
Version 1.0.7
- Fix: Missing lagging class button in data sources view
Version 1.0.6
Version 1.0.6
- Fix: Minor UI fixes
- Fix: Remove include_reduced_buckets for Splunk pre 7.3.x compatibility