Splunk on Splunk 3.0 Now Live!

Hello Splunk Admins of the world, we are extremely excited to announce the general availability of the Splunk on Splunk app, version 3.0.  S.o.S, the app that enables you to see inside your Splunks, has grown and now includes many new capabilities that Splunk Admins everywhere have been anxiously waiting for.

These new views and features were chosen according to the top asks from the Splunk Community. Similarly, we rely on your input to identify our priorities for the next version — so please send all your feedback and requests to us and we will do our best to address them.

The result of a joint effort from Splunk Support, Docs, Dev, and PS teams, S.o.S 3.0 introduces the following features.

New View! — Deployment Topology

This view provides a graphical representation of your Splunk deployment, including detailed node information. We leveraged an existing module from our HadoopsOps app, and adapted it to show the different instances of a Splunk deployment in a single view, and to differentiate them based on their primary function. This view also enables Admins to quickly determine the primary details on each instance, such as the version of Splunk currently running, the OS, where the index lives, and other details.

This is the first iteration of this view — we will be working hard in the upcoming dev cycles to enable more functions, such as:

  • Overlays showing resource usage of the various instances
  • Drill-down functionality to dive into thruput metrics
  • Maybe some kind of flashy lights to show you instances that need some attention
    (you never know what we might come up with)

Please send us your thoughts on this and let us know what else you would like to see — email the development team at sos@splunk.com.

New View! — Warnings and Errors > HTTP Response Times for splunkd

This view enables you to evaluate the responsiveness of splunkd’s internal HTTP server, which serves REST API requests from clients such as Splunk Web or the Splunk CLI. During periods of delayed response, you can identify which API requests are taking an abnormally long time to service. You can leverage overlays using other metrics, such as system load and search concurrency, to assess possible causes for poor responsiveness.

New Views! — Indexing > Index Replication

Index Replication - Master


Index Replication - Peers


We have two new views to provide different levels of visibility and statistical information on instances configured to replicate indexes. The views not only give you a snapshot of what buckets have been replicated, their location, and status, but they also let you track data such as the network bandwidth usage associated with bucket replication and the distribution of primary buckets amongst peers.

New View! — Data Inputs > File Monitor Inputs

This view has been a long time coming and we’re really excited to see how useful it can be. It displays information and statistics on the activity of the file monitor input (the tailing processor). This is essentially a web front-end for the tailing processor file status debug endpoint, powered by a custom search command. Among other things, it lets you answer the age-old questions “Why is file X not being read?” or, “Has Splunk finished reading my very large file?”

Currently, this view is only scoped to work on indexers, but we’re looking at expanding the view’s scope to forwarders in a future version. When we’re talking about an environment with 1000’s of forwarders, there are many large scale considerations to be addressed.

New Data Input! — nfs-iostat_sos.py

nfs-iostat_sos.py is a scripted input that monitors the I/O usage and performance of the shared storage volume used by pooled search -heads. We haven’t yet managed to focus on building a view to visualize the data from this but that will come in the next version

Download S.o.S version 3.0

In addition to the 3.0 release of Splunk on Splunk, the S.o.S Technology Add-ons for *nix and for Windows were both updated to correct some minor bugs.

Splunkbase download links:

For more information on the S.o.S app, refer to the app’s Splunkbase page and to the README and RELEASE-NOTES files in the downloaded package.

And remember, you can send all your feedback suggestions and anecdotes to sos@splunk.com. We want to hear all about how you leverage this app and how we can make it even more useful for you!

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*