Monitoring Splunk

Clarity on Splunk CM, LM, MC?

munang
Path Finder

Hi
I'm Splunk newbie.

I'm confused about MC, CM, and LM, so I'm asking a question.

1. Is it true that the monitoring console exists to check the indexer's health or CPU usage?

2. If number 1 is correct, I wonder why there is a license usage tab in the monitoring console menu. Does the monitoring console also check the license pool? (Does it also serve as a license master?)

3. Is it correct to say that the indexer cluster master is a role when divided based on Splunk components, and the monitoring console is a built-in function of the cluster master?

Doesn't the monitoring console and the cluster master instance exist separately?

0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @munang,

I agree with you that isn't so clear the managing roles division in Splunk, for this reason I voted for a proposal in Splunk Ideas (https://ideas.splunk.com/ideas/EID-I-48) to have a unique console grouping all the managing roles and i's a future prospect.

Anyway, answering to your questions:

1. Is it true that the monitoring console exists to check the indexer's health or CPU usage?

no it's a reductive affirmation: this is a part of its features: it can monitor all the activities of your Splunk on-premise infrastructure, because you can monitor all servers health status, indexing, searches, hardware resources usage, license consuption and many other things.

2. If number 1 is correct, I wonder why there is a license usage tab in the monitoring console menu. Does the monitoring console also check the license pool? (Does it also serve as a license master?)

license monitoring is one of the monitoring targets of this App, and it isn't mandatory that the MC is also the License Master.

3. Is it correct to say that the indexer cluster master is a role when divided based on Splunk components, and the monitoring console is a built-in function of the cluster master?

no it's wrong. as I said, using MC you can monitor all your Splunk on-premise infrastructure and it isn't a feature of the CM: the MC is a Search Head that usually it's better to put in a dedicated server or at least shared with a low load role as Deployer or License master, not CM or Deployment Server, except maybe (!) for little infrastructures!

Doesn't the monitoring console and the cluster master instance exist separately?

Yes they should: as I said, you can put them in the same server only in labs or for little infrastrctures.

Ciao.

Giuseppe

View solution in original post

gcusello
SplunkTrust
SplunkTrust

Hi @munang,

I agree with you that isn't so clear the managing roles division in Splunk, for this reason I voted for a proposal in Splunk Ideas (https://ideas.splunk.com/ideas/EID-I-48) to have a unique console grouping all the managing roles and i's a future prospect.

Anyway, answering to your questions:

1. Is it true that the monitoring console exists to check the indexer's health or CPU usage?

no it's a reductive affirmation: this is a part of its features: it can monitor all the activities of your Splunk on-premise infrastructure, because you can monitor all servers health status, indexing, searches, hardware resources usage, license consuption and many other things.

2. If number 1 is correct, I wonder why there is a license usage tab in the monitoring console menu. Does the monitoring console also check the license pool? (Does it also serve as a license master?)

license monitoring is one of the monitoring targets of this App, and it isn't mandatory that the MC is also the License Master.

3. Is it correct to say that the indexer cluster master is a role when divided based on Splunk components, and the monitoring console is a built-in function of the cluster master?

no it's wrong. as I said, using MC you can monitor all your Splunk on-premise infrastructure and it isn't a feature of the CM: the MC is a Search Head that usually it's better to put in a dedicated server or at least shared with a low load role as Deployer or License master, not CM or Deployment Server, except maybe (!) for little infrastructures!

Doesn't the monitoring console and the cluster master instance exist separately?

Yes they should: as I said, you can put them in the same server only in labs or for little infrastrctures.

Ciao.

Giuseppe

Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...