Monitoring Splunk

Distributed management console

dani9
Explorer

What is the DMC on splunk?
Why should I have need to install it? How should be installed, It is an app?
The monitoring console is not the same thing as that?
I'm configuring and distributed environment so in general setting should I configure it as distributed than standalone? Because if I set it to it it gives me like an error not to configure DMC in search head production

Labels (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @dani9,
Monitoring Console is an App contained in Splunk Enterprise installation.
I can confirm that it's a very useful App when you need to monitor your distributed installation because gives to you a centered information point containing all the information about the health status of your infrastructure and permits to debug problems related to it (e.g. insuffiecnt CPUs).

I solved using MC a great performace problem caused by scheduled very heavy searches and I was able to understand the problem only watching panels in MC that displayed that there were peacks of CPU at fixed intervals and using MC I found the scheduled search that gave problems.

If you don't want it you can choose to not use it without consequences, but thinck carefully to this choice!

But you must know that Monitoring Console is an App that, when used, consumes resources, for this reason must be used on a dedicated server or at least not in a production Search Head.

Anyway it isn't an App that you use every day, but it's very useful to have always ready to debug problems and to check your infrastructuce because in one step you have a full check of your infrastructure and information if there's something wrong (e.g. THP, ulimits, indexing, space, etc...).

I hint to configure it and dedicate some time to see its dashboards, especially if you have a large infrastructure, in every part becuse you could need it!

For more infos, see at https://docs.splunk.com/Documentation/Splunk/8.0.0/DMC/Monitoringoverview

Ciao.
Giuseppe

0 Karma

richgalloway
SplunkTrust
SplunkTrust

"DMC" is the old term for the Monitoring Console (MC). It is part of Splunk so it doesn't need to be installed.
For distributed systems, the MC does need to be configured. Only one of your Splunk instances should have an MC set up in distributed mode - leave the others in standalone mode.
The MC runs a lot of searches so it shouldn't be run on a production search head. Put it on your License Master or Deployment Server.

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...