Monitoring Splunk

Clarity on Splunk CM, LM, MC?

munang
Path Finder

Hi
I'm Splunk newbie.

I'm confused about MC, CM, and LM, so I'm asking a question.

1. Is it true that the monitoring console exists to check the indexer's health or CPU usage?

2. If number 1 is correct, I wonder why there is a license usage tab in the monitoring console menu. Does the monitoring console also check the license pool? (Does it also serve as a license master?)

3. Is it correct to say that the indexer cluster master is a role when divided based on Splunk components, and the monitoring console is a built-in function of the cluster master?

Doesn't the monitoring console and the cluster master instance exist separately?

0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @munang,

I agree with you that isn't so clear the managing roles division in Splunk, for this reason I voted for a proposal in Splunk Ideas (https://ideas.splunk.com/ideas/EID-I-48) to have a unique console grouping all the managing roles and i's a future prospect.

Anyway, answering to your questions:

1. Is it true that the monitoring console exists to check the indexer's health or CPU usage?

no it's a reductive affirmation: this is a part of its features: it can monitor all the activities of your Splunk on-premise infrastructure, because you can monitor all servers health status, indexing, searches, hardware resources usage, license consuption and many other things.

2. If number 1 is correct, I wonder why there is a license usage tab in the monitoring console menu. Does the monitoring console also check the license pool? (Does it also serve as a license master?)

license monitoring is one of the monitoring targets of this App, and it isn't mandatory that the MC is also the License Master.

3. Is it correct to say that the indexer cluster master is a role when divided based on Splunk components, and the monitoring console is a built-in function of the cluster master?

no it's wrong. as I said, using MC you can monitor all your Splunk on-premise infrastructure and it isn't a feature of the CM: the MC is a Search Head that usually it's better to put in a dedicated server or at least shared with a low load role as Deployer or License master, not CM or Deployment Server, except maybe (!) for little infrastructures!

Doesn't the monitoring console and the cluster master instance exist separately?

Yes they should: as I said, you can put them in the same server only in labs or for little infrastrctures.

Ciao.

Giuseppe

View solution in original post

gcusello
SplunkTrust
SplunkTrust

Hi @munang,

I agree with you that isn't so clear the managing roles division in Splunk, for this reason I voted for a proposal in Splunk Ideas (https://ideas.splunk.com/ideas/EID-I-48) to have a unique console grouping all the managing roles and i's a future prospect.

Anyway, answering to your questions:

1. Is it true that the monitoring console exists to check the indexer's health or CPU usage?

no it's a reductive affirmation: this is a part of its features: it can monitor all the activities of your Splunk on-premise infrastructure, because you can monitor all servers health status, indexing, searches, hardware resources usage, license consuption and many other things.

2. If number 1 is correct, I wonder why there is a license usage tab in the monitoring console menu. Does the monitoring console also check the license pool? (Does it also serve as a license master?)

license monitoring is one of the monitoring targets of this App, and it isn't mandatory that the MC is also the License Master.

3. Is it correct to say that the indexer cluster master is a role when divided based on Splunk components, and the monitoring console is a built-in function of the cluster master?

no it's wrong. as I said, using MC you can monitor all your Splunk on-premise infrastructure and it isn't a feature of the CM: the MC is a Search Head that usually it's better to put in a dedicated server or at least shared with a low load role as Deployer or License master, not CM or Deployment Server, except maybe (!) for little infrastructures!

Doesn't the monitoring console and the cluster master instance exist separately?

Yes they should: as I said, you can put them in the same server only in labs or for little infrastrctures.

Ciao.

Giuseppe

Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...