Technology Inventory (BETA) - Is something missing?

lycollicott
Motivator

I installed this 3 days ago, but it doesn't seem to have everything - at least that is my assumption.

  1. The inputs.conf intervals of 86400 seconds never ran at all, but I tested a couple at 60 second intervals and they do run that way.
  2. Tag "virtual" is missing.
  3. The dropdowns never populate.

0 Karma
1 Solution

sloshburch
Splunk Employee

Thanks for your interest! The timing is wild! We JUST posted a complete rewrite of the app (or specifically, the Addon). Would you uninstall that old one and give this a shot?
https://splunkbase.splunk.com/app/3032

0 Karma

lycollicott
Motivator

It doesn't seem to have an inputs.conf.

0 Karma

sloshburch
Splunk Employee

That's correct. Did you see the documentation on the Splunkbase site? Let me know if you have any questions so I can learn how to improve the documentation to be more clear about data collection.

0 Karma

lycollicott
Motivator

Oh, this works much better and I am excited about its possibilities. I deployed it to Windows servers in one of our domains and tomorrow I will try it on some Linux servers.

0 Karma

sloshburch
Splunk Employee

Oh excellent!

To clarify, you mentioned that you "deployed it" to Windows servers and then will try Linux. Did you see in the Details tab in the Install section:

Install the Splunk Add-on for Technology Inventory on any Search Heads in your environment. The Splunk Add-on for Technology Inventory does not need to be installed to any Forwarders, Indexers, or other non-Searching Splunk instances.

In other words, are you doing Searches directly from the web UI of those Windows and Linux servers you mentioned? If not, remember that this app only needs to live on the Search Heads and not on the endpoints. Conversely, both the Splunk Add-on for Unix and Linux and Splunk Add-on for Microsoft Windows need to be installed on the endpoints to do data collection...but not the Splunk Add-on for Technology Inventory.

I hope that clarifies.

0 Karma

lycollicott
Motivator

By deployed, I meant that I enabled those inputs and reloaded them from our deployment server.

0 Karma

sloshburch
Splunk Employee

Oh cool! I'm surprised they weren't already enabled for operational stuff. Glad to be the one to introduce you to them!

0 Karma

lycollicott
Motivator

I forgot to mention that before I tested with the 60 second interval, this error displayed in the "Deployed Servers" panel:

Error in 'SearchOperator:datamodel': Error in 'DataModelEvaluator': Data model 'Compute_Inventory' was not found.

0 Karma