Need help with Configurations Analytics App for Splunk for configurations management.

sayantabasak
Explorer

Hello Andrew @landen99

First of all, a big thanks for coming up with this great app concept. I would love to leverage it to do some Splunk internal configuration monitoring and management.

I have got started with the app and gone through the readme file. Once I downloaded the main app, I found it has multiple subdirectories. I have understood their functions but am unable to kick-start them to do their job.

ca_idx --> has been copied to the indexer, which created the required indexes --> working fine
ca_win/default --> has been configured to onboard Windows/Linux logs --> works fine

But ca_sh, ca_btool, ca_tool is where I am stuck. Are they supposed to reside within the parent app config_analytics on the search head, or should I put them independently under the etc/apps folder on the search head? Even though the data is correctly coming in, I am unable to leverage any of the dashboard functionality since these 3 sub-apps seem to be broken. Any help would be highly appreciated.

Finally thank you Gregg @woodcock for highlighting this app in .conf18.

0 Karma

dillardo_2
Path Finder

We got most of them working by placing each folder under /etc/apps.
Still working on Windows and SH monitoring.

0 Karma

landen99
Motivator

ca_sh, ca_btool, ca_tool are all separate apps for the search head.

ca_sh has the dashboards and searches
ca_tools has extra admin related tools
ca_btool has btool related tools

I haven't had much time yet to work on the app to develop means for connecting and tracking knowledge object dependency changes, but that is a goal. I have been working on my Udemy courses: 1) regex in Splunk and 2) fast Splunk searches.

woodcock
Esteemed Legend

The ca_btool goes on every node and ca_sh goes on the Search Heads. I have never had occasion to poke into the ca_tool app so I don't know.

landen99
Motivator

Gregg, you are going to love my next app and talk at .conf19! Improving searches to run 500k times faster against raw data and correlated searches (multiple data sources).

0 Karma

woodcock
Esteemed Legend

You got a talk slot? GOOD FOR YOU! I will not miss it.

0 Karma