TrackMe

Overview

Details

TrackMe provides automated monitoring and visibility insight of your data sources, with a powerful user interface and workflow for Splunk product owners to detect and alert on lack of availability, abnormal latency, volume outliers detection and quality issues:

- Discover and store key states information of data sources, data hosts and metric hosts availability
- Provides a powerful user interface to manage activation states, configuration and quickly identify data availability failures
- Analyse and detect lack of data and performance lagging of data sources and hosts within your Splunk deployment
- Behaviour analytic with outlier detection based on machine learning outliers calculations
- Behaviour analytic with data sampling and event format recognition, monitor and detect anomalies in raw events to detect event format changes or misbehaviour based on builtin rules and extended with your own custom rules, detect PII data with custom models
- Create elastic sources for any kind of custom monitoring requirements based on tstats / raw / mstats / from searches to fullfill any requirements
- Record and investigate historical changes of statuses, as well as administrators changes (audit flipping and changes)
- Easy administration via graphical human interface from A to Z
- No matters the purpose of your Splunk deployment, trackMe will become an essential piece of your deployment, providing key value for PCI or compliance requirements
- Keep things under your control and be the first to know when data is not available, get alerted before your users get back to you!

Why this application?

Splunk administrators and engineers have to spend a good amount of time and energy to on-board and monitor data sources, which becomes more and more complex and time consuming with the explosion of volume and variety of data.

However, it is very frequent to realise after math that something went wrong, for some reason the sender stopped sending, an upgrade broke a configuration, a network rule was lost, an unexpected side effect of a change occurred, parsing issues are not detected...

No administrator should be informed of an issue in the data flow by the customer or the end users, this is why you need pro-activity, costless and scalable availability monitoring.

with the massive amount and variety of data sources, this becomes easily a painful and problematic activity, this application aims to drastically help you in these daily tasks.

TrackMe provides a handy user interface associated with an efficient data discovery, state and alerting workflow.

Made by Splunk admins for Splunk admins, the TrackMe application provides builtin powerful features to monitor and administer you data source monitoring the easy way!

See: https://trackme.readthedocs.io

Online Documentation: https://trackme.readthedocs.io

ITSI integration: https://trackme.readthedocs.io/en/latest/itsi_integration.html

Cribl Logstream integration: https://trackme.readthedocs.io/en/testing/cribl_integration.html

This project is hosted in GitHub: https://github.com/guilhemmarchand/trackme

Open an issue: https://github.com/guilhemmarchand/trackme/issues

REST API reference manual: https://trackme.readthedocs.io/en/testing/rest_api_reference.html

Dependencies:

Since TrackMe 1.2.0, there are dependencies:

Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
Splunk SA CIM - Splunk Common Information Model, Splunk Base: https://splunkbase.splunk.com/app/1621 (required for alert actions and result ingestion purposes)

Installation:

See instructions: https://trackme.readthedocs.io/en/latest/deployment.html

TrackMe runs on the search heads only (or monitoring console host if you decide to deploy TrackMe in this instance), the only indexer level dependencies is the definition of an event index and a metric index. TrackMe should not be deployed to the indexers or any level of forwarders.

Release Notes

Version 1.2.45

April 29, 2021

- Feature - Issue #312 - Migration from Addon Builder based libs to Splunk Addon factory UCC based libs
- Feature - Issue #316 - Provides day time filtering options when creating custom alerts

SHA-255: dd486556c13546072a4c98e5d3de7637f0bec037d7409f57e8e44bb4e899bd9d

Version 1.2.44

April 12, 2021

- Fix Issue #310 - Alert actions - Dropdown object in Smart Status tab rendering errors

SHA-256: 8dd8ce8341494d5bfe5dc56a58d3dd9aec7d325fc2a4e50db21972f22bf09760

Version 1.2.43

April 12, 2021

This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:

- Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
- Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
- Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
- Splunk SA CIM - Splunk Common Information Model, Splunk Base: https://splunkbase.splunk.com/app/1621

TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
https://trackme.readthedocs.io/en/latest/configuration.html

- Fix Issue #308 - Alert actions - extraction failure for Smart Status in the UI for rendering purposes

SHA-256: e374c88b4eae86bcc316b0f8c644687d226f068c7ef5e370a60dbb6a5d0ca10e

Version 1.2.42

April 12, 2021

This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:

- Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
- Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
- Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
- Splunk SA CIM - Splunk Common Information Model, Splunk Base: https://splunkbase.splunk.com/app/1621

TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
https://trackme.readthedocs.io/en/latest/configuration.html

- Feature - Issue #306 - Alert actions - UI enhancements
- Fix - Issue #305 - Custom alerts - created alerts should set alert.digest_mode

SHA-256: 3d38f397569904ae956b91ab57b96bf8c9c406cf6fb3a380858459918667708c

Version 1.2.41

April 9, 2021

**CAUTION:**

This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:

- Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
- Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
- Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
- Splunk SA CIM - Splunk Common Information Model, Splunk Base: https://splunkbase.splunk.com/app/1621

See releases notes: https://trackme.readthedocs.io/en/latest/releasenotes.html

Version 1.2.40

March 30, 2021

- Enhancement - Issue #297 - Performances - Long term tracker improvements

SHA-256: 7717f9b532f16274d817e23024232e780d28cffc871b41c7b0c7af4c7abfb748

Version 1.2.38

March 16, 2021

- Fix - Issue #287 - Since version 1.2.37 most of interractions in the UI are made via TrackMe rest endpoints, however the capability list_settings is required for non privileged users and should be added to the trackme_admin role

SHA-256: b5af9d1568dd7aa221aa0e99c23c6640a75c08f19161a318808d6ab1922c0605

Version 1.2.37

March 14, 2021

- Enhancement - Issue #279 - Decomission of the getlistdef custom command in favor of a simpler and cleaner pure SPL approach
- Enhancement - Issue #280 - Add new REST endpoint to manage logical group associations
- Enhancement - Issue #285 - Flipping statuses workflow improvements
- Change - Issue #275 - permissions - provides a builtin trackme_user role to handle the minimal non admin access for TrackMe
- Change - Issue #276 - User Interface - Migration of Ajax javascript REST calls made within the UI from splunkd to TrackMe based API endpoints
- Change - Issue #278 - Upgrade of splunklib Python SDK to latest release 1.6.15
- Fix - Issue #273 - User Interfaces - Several searches should not kick off start at TrackMe main UI loading time
- Fix - Issue #274 - Data Sources - tags dropdown can render unwanted results when no tags are defined
- Fix - Issue #277 - REST endpoint - the endpoint ds_update_min_dcount_host should allow any as the input

Version 1.2.36

March 1, 2021

- Feature - Issue #266 - ID cards - Wildcard matching for ID cards allowing matching any number of entities for the same card using wildcards and your naming conventions
- Enhancement - Issue #268 - Backup and Restore - Perform an additional get call in the Backup operation to automically discover any missing backup files
- Fix - Issue #267 - Backup and Restore - Python2 compatibility issues with Splunk 7.x
- Fix - Issue #261 - SLA - SLA reporting should honour allow/block list and not monitored entities #261
- Fix - Issue #266 - ID cards - Updating an existing card within the UI removes other associations with the card that is updated
- Fix - Issue #270 - REST endpoint resources groups wrong exposure for Splunk Web proxied behaviors

SHA-256: 04245537a41766138bcf4a64e9a9fee0fd2be2ed4bbcb5cf01325f5728e79bca

1,376

Installs

5,310

Downloads

Share Subscribe

Version

Built by

Guilhem Marchand

Support

Developer Supported

Contact Developer Questions on Splunk Answers Flag as inappropriate

App Contents: Alert Actions

Compatibility

This version is not yet available for Splunk Cloud.

Products: Splunk Enterprise, Splunk Cloud

Products: Splunk Enterprise

Products: Splunk Enterprise, Splunk Cloud

Products: Splunk Enterprise

Products: Splunk Enterprise, Splunk Cloud