Monitoring Splunk

Clarity on Splunk CM, LM, MC?

munang
Path Finder

Hi
I'm Splunk newbie.

I'm confused about MC, CM, and LM, so I'm asking a question.

1. Is it true that the monitoring console exists to check the indexer's health or CPU usage?

2. If number 1 is correct, I wonder why there is a license usage tab in the monitoring console menu. Does the monitoring console also check the license pool? (Does it also serve as a license master?)

3. Is it correct to say that the indexer cluster master is a role when divided based on Splunk components, and the monitoring console is a built-in function of the cluster master?

Doesn't the monitoring console and the cluster master instance exist separately?

0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @munang,

I agree with you that isn't so clear the managing roles division in Splunk, for this reason I voted for a proposal in Splunk Ideas (https://ideas.splunk.com/ideas/EID-I-48) to have a unique console grouping all the managing roles and i's a future prospect.

Anyway, answering to your questions:

1. Is it true that the monitoring console exists to check the indexer's health or CPU usage?

no it's a reductive affirmation: this is a part of its features: it can monitor all the activities of your Splunk on-premise infrastructure, because you can monitor all servers health status, indexing, searches, hardware resources usage, license consuption and many other things.

2. If number 1 is correct, I wonder why there is a license usage tab in the monitoring console menu. Does the monitoring console also check the license pool? (Does it also serve as a license master?)

license monitoring is one of the monitoring targets of this App, and it isn't mandatory that the MC is also the License Master.

3. Is it correct to say that the indexer cluster master is a role when divided based on Splunk components, and the monitoring console is a built-in function of the cluster master?

no it's wrong. as I said, using MC you can monitor all your Splunk on-premise infrastructure and it isn't a feature of the CM: the MC is a Search Head that usually it's better to put in a dedicated server or at least shared with a low load role as Deployer or License master, not CM or Deployment Server, except maybe (!) for little infrastructures!

Doesn't the monitoring console and the cluster master instance exist separately?

Yes they should: as I said, you can put them in the same server only in labs or for little infrastrctures.

Ciao.

Giuseppe

View solution in original post

gcusello
SplunkTrust
SplunkTrust

Hi @munang,

I agree with you that isn't so clear the managing roles division in Splunk, for this reason I voted for a proposal in Splunk Ideas (https://ideas.splunk.com/ideas/EID-I-48) to have a unique console grouping all the managing roles and i's a future prospect.

Anyway, answering to your questions:

1. Is it true that the monitoring console exists to check the indexer's health or CPU usage?

no it's a reductive affirmation: this is a part of its features: it can monitor all the activities of your Splunk on-premise infrastructure, because you can monitor all servers health status, indexing, searches, hardware resources usage, license consuption and many other things.

2. If number 1 is correct, I wonder why there is a license usage tab in the monitoring console menu. Does the monitoring console also check the license pool? (Does it also serve as a license master?)

license monitoring is one of the monitoring targets of this App, and it isn't mandatory that the MC is also the License Master.

3. Is it correct to say that the indexer cluster master is a role when divided based on Splunk components, and the monitoring console is a built-in function of the cluster master?

no it's wrong. as I said, using MC you can monitor all your Splunk on-premise infrastructure and it isn't a feature of the CM: the MC is a Search Head that usually it's better to put in a dedicated server or at least shared with a low load role as Deployer or License master, not CM or Deployment Server, except maybe (!) for little infrastructures!

Doesn't the monitoring console and the cluster master instance exist separately?

Yes they should: as I said, you can put them in the same server only in labs or for little infrastrctures.

Ciao.

Giuseppe

Get Updates on the Splunk Community!

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

Explore the Latest Educational Offerings from Splunk (November Releases)

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...