InSitzes App for Splunk Enterprise Monitoring

Unified Splunk Enterprise monitoring in one React dashboard: 31 automated health checks, hourly SVC estimation for Splunk Cloud cost modeling, license tracking, ingestion anomaly detection, full-stack CPU/memory/disk visibility, and scheduled-search and workload analysis.

Latest Version 3.0.12
April 21, 2026
Compatibility
Splunk Enterprise, Splunk Cloud
Platform Version: 10.3, 10.2, 10.1, 10.0, 9.4, 9.3
Rating

5

(15)

Support
Developer Supported app
The InSitzes App for Splunk Enterprise is a unified monitoring suite that gives administrators actionable insight into ingestion, system performance, workload management, search efficiency, and compute consumption across their Splunk Enterprise deployment. Rather than stitching together the Monitoring Console, license pages, introspection data, and ad-hoc searches, admins get one React-powered dashboard with purpose-built tabs to answer the questions that matter most: Is my environment healthy? Is data flowing reliably? Are searches running efficiently? Am I approaching my license quota? And what would my workload cost under Splunk Cloud compute-based licensing?

The Health tab runs 31 automated checks across 8 categories — System, Ingestion, Data Quality, Search, Compute, Workload, Forwarding, and Capacity — with weighted severity scoring and a rolled-up environment health score so you know immediately where to focus.

Individual tabs drill into CPU, memory, and disk utilization across every server role (search heads, indexers, cluster manager, deployment server, SHC deployer); live license usage with 7-day trend against daily quota; forwarder throughput, HEC health, SSL and deployment-client issues; sourcetype parsing, timestamp, and debug-event quality; scheduled search execution, skip reasons, and wasteful-search detection; WLM filtered, reclassified, and aborted search rates; and dashboard refresh frequency with base vs. chained search analysis.

The Compute tab delivers an hourly-computed SVC estimate — via the bundled insitzes_svc_estimation saved search and dynamic role discovery on _introspection data — so Enterprise admins can see exactly what their workload would cost under Splunk Cloud compute-based licensing, broken down by search head, app, search type, user, and provenance, with an optional Cost Mode.

Install on your Monitoring Console search head; ingestion data is read live from _internal license_usage events, eliminating scheduled-lookup maintenance.

Pre-built alert saved searches (disabled by default) cover ingestion anomalies, app updates, large lookup files, and redundant scheduled searches.

Categories

Information, Investigative

Created By

David Sitzes

Type

app

Downloads

107
