TrackMe

Overview

Details

TrackMe provides automated monitoring and visibility insight of your data sources, with a powerful user interface and workflow for Splunk product owners to detect and alert on lack of availability, abnormal latency, volume outliers detection and quality issues:

- Discover and store key states information of data sources, data hosts and metric hosts availability
- Provides a powerful user interface to manage activation states, configuration and quickly identify data availability failures
- Analyse and detect lack of data and performance lagging of data sources and hosts within your Splunk deployment
- Behaviour analytic with outlier detection based on machine learning outliers calculations
- Behaviour analytic with data sampling and event format recognition, monitor and detect anomalies in raw events to detect event format changes or misbehaviour based on builtin rules and extended with your own custom rules, detect PII data with custom models
- Create elastic sources for any kind of custom monitoring requirements based on tstats / raw / mstats / from searches to fullfill any requirements
- Record and investigate historical changes of statuses, as well as administrators changes (audit flipping and changes)
- Easy administration via graphical human interface from A to Z
- No matters the purpose of your Splunk deployment, trackMe will become an essential piece of your deployment, providing key value for PCI or compliance requirements
- Keep things under your control and be the first to know when data is not available, get alerted before your users get back to you!

Why this application?

Splunk administrators and engineers have to spend a good amount of time and energy to on-board and monitor data sources, which becomes more and more complex and time consuming with the explosion of volume and variety of data.

However, it is very frequent to realise after math that something went wrong, for some reason the sender stopped sending, an upgrade broke a configuration, a network rule was lost, an unexpected side effect of a change occurred, parsing issues are not detected...

No administrator should be informed of an issue in the data flow by the customer or the end users, this is why you need pro-activity, costless and scalable availability monitoring.

with the massive amount and variety of data sources, this becomes easily a painful and problematic activity, this application aims to drastically help you in these daily tasks.

TrackMe provides a handy user interface associated with an efficient data discovery, state and alerting workflow.

Made by Splunk admins for Splunk admins, the TrackMe application provides builtin powerful features to monitor and administer you data source monitoring the easy way!

See: https://trackme.readthedocs.io

# Python compatibility: TrackMe is fully compatible with Python3

Python compatibility: TrackMe is fully compatible with Python3 only environments

Online Documentation: https://trackme.readthedocs.io

ITSI integration: https://trackme.readthedocs.io/en/latest/itsi_integration.html

Cribl Logstream integration: https://trackme.readthedocs.io/en/testing/cribl_integration.html

This project is hosted in GitHub: https://github.com/guilhemmarchand/trackme

Open an issue: https://github.com/guilhemmarchand/trackme/issues

REST API reference manual: https://trackme.readthedocs.io/en/testing/rest_api_reference.html

Dependencies:

Since TrackMe 1.2.0, there are dependencies:

Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
Splunk SA CIM - Splunk Common Information Model, Splunk Base: https://splunkbase.splunk.com/app/1621 (required for alert actions and result ingestion purposes)

Installation:

See instructions: https://trackme.readthedocs.io/en/latest/deployment.html

TrackMe runs on the search heads only (or monitoring console host if you decide to deploy TrackMe in this instance), the only indexer level dependencies is the definition of an event index and a metric index. TrackMe should not be deployed to the indexers or any level of forwarders.

Release Notes

Version 1.2.54

Oct. 22, 2021

Splunk 8.x and Python3 support only

- Fix - Issue #368 - Disable the KVstore to indexers replication for the kv_trackme_objects_summary collection

SHA-256: 2f4f9da4b0c3686bc0a3d2bb7b6c4c542be96168102d5c13248cd7f9548e6261

Version 1.2.53

Aug. 17, 2021

Splunk 8.x and Python3 support only

- Fix - Issue #362 - Windows based deployment reports ERROR JSON reply had no "payload" value in rest calls

SHA-256: 2e10e97cace330763f3f1b1394b0642bc1256c82eec8da38d842337edc2f2411

Version 1.2.52

Aug. 7, 2021

WARNING! Splunk 8.x and Python3 support only

Starting from this release, only Splunk 8.x and Python3 are supported
Some functions such as builtin alert actions are not compatible any longer with Python2 and Splunk 7.x
For the latest version available for Splunk 7.x, see the release 1.2.51

release notes:

Enhancement - Issue #360 - JQuery upgrade for Simple XML dashboards
Enhancement - migration to ucc-gen for the librairies management and the app generation
Change - Python2 and Splunk 7.x support is dropped starting from this release, TrackMe now only supports Splunk 8.x and Python3

SHA-256: 1e6bc7058041453f53c0b2f12dcaa736c9b0be2bf20bd3dd0e236e2e89a3dd95

Version 1.2.51

Aug. 5, 2021

Fix - Issue #356 - trackme.py endpoint check can be circumvented to perform REST calls to endpoints external to TrackMe
Fix - Issue #357 - In Splunk Cloud the UI manage and configure will not provide the right URL for quick access to the macro definition

Version 1.2.50

Aug. 2, 2021

Fix - Issue #352 - Splunk 8.2 regression in data sampling engine causes only 1 event to be stored in the sampling KVstore post execution due stats first(*) change in behaviour

SHA-256: aa8e56b8727e605b0227ba9418a8c71db395ad7c180b6c45c1c0bd3c4ed7b014

Version 1.2.49

June 22, 2021

Enhancement - Fix Issue #343 - REST CALL - use nobody context to optimize rest calls performance in large scale environments

SHA-256: 04655d6284b7993b0756970395989edcf683dae24de02d71950f739e90100673

Version 1.2.48

June 20, 2021

Enhancement - Issue #335 - addresses memory overhead of the metric trackers using span=1s by default
Fix - Issue #336 - Fix - SmartStatus - future tolerance macro is not taken into account by the endpoint
Fix - Issue #333 - Nav - Wrong search for metric hosts allow list collection
Fix - Issue #337 - Data sources - Short term tracker run via the UI should use latest=+4h, long term tracker should match savedsearch earliest=-24h latest=-4h
Fix - Issue #338 - Splunk 8.2 regression in rootUri for UI TrackMe manage drilldowns to macro due to a root URL change in manager
Fix - Issue #339 - Data sources - Data source overview chart tab should honor the trackme_tstats_main_filter macro
Change - Nav - remaining whitelist and blocklists terms

SHA-256: eb4a88c099cec331a140a1d01bd50f80f1933e72dba070300be770b4ad10686b

Version 1.2.47

May 26, 2021

Fix - Issue #328 - Data host - Regex based block lists are not honored as documented
Fix - Issue #329 - Data host - Splunk 8.2 regression with multivalue aggregation caused by a change in behaviour
Change: Update splunktaucclib to 4.2.0
Change: Update splunktalib to 1.2.1

SHA-256: 028320f7b844ec7174dd3b0f7b6759c55e2fa81b38d5602f1203f1397ce833a8

Version 1.2.46

May 9, 2021

Enhancement - Issue #327 - Smart Status - Add search history quick access button in Smart Status screens
Fix - Issue #324 - Lagging classes - lagging classes applying at the same level (all/data_source/data_host) for different types of objects and the same name are not honoured properly due to a logic default in the lookup mapping

SHA-256: dc49675ed78f0220f93831290f6264e9e72b769b2e0e034fe9e4bd84c73c6c6c

Version 1.2.45

April 29, 2021

Feature - Issue #312 - Migration from Addon Builder based libs to Splunk Addon factory UCC based libs
Feature - Issue #316 - Provides day time filtering options when creating custom alerts

SHA-255: dd486556c13546072a4c98e5d3de7637f0bec037d7409f57e8e44bb4e899bd9d

Version 1.2.44

April 12, 2021

Fix Issue #310 - Alert actions - Dropdown object in Smart Status tab rendering errors

SHA-256: 8dd8ce8341494d5bfe5dc56a58d3dd9aec7d325fc2a4e50db21972f22bf09760

Version 1.2.43

April 12, 2021

This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:

Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
Splunk SA CIM - Splunk Common Information Model, Splunk Base: https://splunkbase.splunk.com/app/1621

TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
https://trackme.readthedocs.io/en/latest/configuration.html

Fix Issue #308 - Alert actions - extraction failure for Smart Status in the UI for rendering purposes

SHA-256: e374c88b4eae86bcc316b0f8c644687d226f068c7ef5e370a60dbb6a5d0ca10e

Version 1.2.42

April 12, 2021

This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:

Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
Splunk SA CIM - Splunk Common Information Model, Splunk Base: https://splunkbase.splunk.com/app/1621

TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
https://trackme.readthedocs.io/en/latest/configuration.html

Feature - Issue #306 - Alert actions - UI enhancements
Fix - Issue #305 - Custom alerts - created alerts should set alert.digest_mode

SHA-256: 3d38f397569904ae956b91ab57b96bf8c9c406cf6fb3a380858459918667708c

Version 1.2.41

April 9, 2021

CAUTION:

This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:

Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
Splunk SA CIM - Splunk Common Information Model, Splunk Base: https://splunkbase.splunk.com/app/1621

See releases notes: https://trackme.readthedocs.io/en/latest/releasenotes.html

Version 1.2.40

March 30, 2021

Enhancement - Issue #297 - Performances - Long term tracker improvements

SHA-256: 7717f9b532f16274d817e23024232e780d28cffc871b41c7b0c7af4c7abfb748

Version 1.2.38

March 16, 2021

Fix - Issue #287 - Since version 1.2.37 most of interractions in the UI are made via TrackMe rest endpoints, however the capability list_settings is required for non privileged users and should be added to the trackme_admin role

SHA-256: b5af9d1568dd7aa221aa0e99c23c6640a75c08f19161a318808d6ab1922c0605

Version 1.2.37

March 14, 2021

Enhancement - Issue #279 - Decomission of the getlistdef custom command in favor of a simpler and cleaner pure SPL approach
Enhancement - Issue #280 - Add new REST endpoint to manage logical group associations
Enhancement - Issue #285 - Flipping statuses workflow improvements
Change - Issue #275 - permissions - provides a builtin trackme_user role to handle the minimal non admin access for TrackMe
Change - Issue #276 - User Interface - Migration of Ajax javascript REST calls made within the UI from splunkd to TrackMe based API endpoints
Change - Issue #278 - Upgrade of splunklib Python SDK to latest release 1.6.15
Fix - Issue #273 - User Interfaces - Several searches should not kick off start at TrackMe main UI loading time
Fix - Issue #274 - Data Sources - tags dropdown can render unwanted results when no tags are defined
Fix - Issue #277 - REST endpoint - the endpoint ds_update_min_dcount_host should allow any as the input

Version 1.2.36

March 1, 2021

Feature - Issue #266 - ID cards - Wildcard matching for ID cards allowing matching any number of entities for the same card using wildcards and your naming conventions
Enhancement - Issue #268 - Backup and Restore - Perform an additional get call in the Backup operation to automically discover any missing backup files
Fix - Issue #267 - Backup and Restore - Python2 compatibility issues with Splunk 7.x
Fix - Issue #261 - SLA - SLA reporting should honour allow/block list and not monitored entities #261
Fix - Issue #266 - ID cards - Updating an existing card within the UI removes other associations with the card that is updated
Fix - Issue #270 - REST endpoint resources groups wrong exposure for Splunk Web proxied behaviors

SHA-256: 04245537a41766138bcf4a64e9a9fee0fd2be2ed4bbcb5cf01325f5728e79bca

2,669

Installs

7,132

Downloads

Share Subscribe

Version

Built by

Guilhem Marchand

Support

Developer Supported

Contact Developer Questions on Splunk Answers Flag as inappropriate

App Contents: Alert Actions

Compatibility

This version of the app (1.2.51) is not available for Splunk Cloud. However, version 1.2.54 of this app is available for Splunk Cloud.

This version of the app (1.2.48) is not available for Splunk Cloud. However, version 1.2.54 of this app is available for Splunk Cloud.

This version of the app (1.2.43) is not available for Splunk Cloud. However, version 1.2.54 of this app is available for Splunk Cloud.

This version of the app (1.2.42) is not available for Splunk Cloud. However, version 1.2.54 of this app is available for Splunk Cloud.

This version of the app (1.2.41) is not available for Splunk Cloud. However, version 1.2.54 of this app is available for Splunk Cloud.

This version of the app (1.2.40) is not available for Splunk Cloud. However, version 1.2.54 of this app is available for Splunk Cloud.

This version of the app (1.2.37) is not available for Splunk Cloud. However, version 1.2.54 of this app is available for Splunk Cloud.

Products: Splunk Enterprise, Splunk Cloud

Products: Splunk Enterprise

Products: Splunk Enterprise, Splunk Cloud

Products: Splunk Enterprise

Products: Splunk Enterprise, Splunk Cloud

Products: Splunk Enterprise

Products: Splunk Enterprise, Splunk Cloud

Products: Splunk Enterprise

Products: Splunk Enterprise, Splunk Cloud

Splunk Versions: 8.0, 8.1, 8.2