Monitoring Splunk

Turn on Monitoring Console Distributed Mode via CLI or REST

pgrigoryev
New Member

I'm trying to automate the build of my Monitoring Console instance.

In the documentation http://docs.splunk.com/Documentation/Splunk/7.2.1/DMC/Deploymentsetupsteps it says that I should:

  1. first add the instances being monitored as search peers (I've found a CLI command for that)

  2. then turn on the distributed mode in the GUI like this: http://docs.splunk.com/Documentation/Splunk/7.2.1/DMC/Configureindistributedmode to populate the splunk_monitoring_console_assets.conf and assets.csv lookup (documented here: docs.splunk.com/Documentation/Splunk/7.2.1/DMC/HowtheDMCworks )

I'm wondering: is there a way to automate the step of enabling Monitoring Console Distributed Mode?

0 Karma

woodcock
Esteemed Legend

Here are the changes that this causes:

In $SPLUNK_HOME/etc/apps/splunk_monitoring_console/local/app.conf it sets this in the [install] stanza:

is_configured = 1

In $SPLUNK_HOME/etc/system/local/distsearch.conf it sets this in the [distributedSearch:dmc_group_indexer] stanza:

default = false

In /opt/splunk/etc//apps/splunk_monitoring_console/local/data/ui/nav/default.xml it makes many changes, so it is easier to post the delta, which is this:

3a4
>   <view name="monitoringconsole_instances" />
5c6,14
<     <view name="indexing_performance_instance" />
---
>     <collection label="Performance">
>       <view name="indexing_performance_instance" />
>       <view name="indexing_performance_deployment" />
>     </collection>
>     <collection label="Indexer Clustering">
>         <!--<a href="Clustering">Indexer Clustering: Status</a>-->
>       <view name="indexer_clustering_status" />
>       <view name="indexer_clustering_service_activity" />
>     </collection>
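Review bot: the Indexer Clustering collection added in the 5c6,14 hunk carries a commented-out link, "<!--<a href="Clustering">Indexer Clustering: Status</a>-->", indented two spaces deeper than the view lines next to it. If this file is kept as a template for automated builds, drop the dead comment or align its indentation with the sibling view lines.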
7a17
>       <view name="indexes_and_volumes_deployment" />
8a19
>       <view name="index_detail_deployment" />
9a21
>       <view name="volume_detail_deployment" />
12a25
>       <view name="http_event_collector_deployment" />
14c27,28
<       <view name="data_quality" />
---
>       <view name="splunk_tcpin_performance_deployment" />
>       <view name="data_quality" />
22,25c36,60
<     <view name="search_activity_instance" />
<     <view name="search_usage_statistics_instance" />
<     <view name="kv_store_instance" />
<     <view name="scheduler_activity_instance" />
---
>     <collection label="Activity">
>       <view name="search_activity_instance" />
>       <view name="search_activity_deployment" />
>       <view name="search_usage_statistics_instance" />
>       <view name="search_usage_statistics_deployment" />
>     </collection>
>     <collection label="Distributed Search">
>       <view name="distributed_search_instance" />
>       <view name="distributed_search_deployment" />
>     </collection>
>     <collection label="Search Head Clustering">
>       <view name="shc_status_and_conf" />
>       <view name="shc_conf_rep" />
>       <view name="shc_artifact_replication" />
>       <view name="shc_scheduler_delegation_statistics" />
>       <view name="shc_app_deployment" />
>     </collection>
>     <collection label="Scheduler Activity">
>       <view name="scheduler_activity_instance" />
>       <view name="scheduler_activity_deployment" />
>     </collection>
>     <collection label="KV Store">
>       <view name="kv_store_instance" />
>       <view name="kv_store_deployment" />
>     </collection>
29a65
>     <view name="resource_usage_deployment" />

Here is the entirety of the /opt/splunk/etc//apps/splunk_monitoring_console/local/data/ui/nav/default.xml file:

<nav color="#3C444D">
  <view name="monitoringconsole_overview" default="true" />
  <view name="monitoringconsole_check" />
  <view name="monitoringconsole_instances" />
  <collection label="Indexing">
    <collection label="Performance">
      <view name="indexing_performance_instance" />
      <view name="indexing_performance_deployment" />
    </collection>
    <collection label="Indexer Clustering">
        <!--<a href="Clustering">Indexer Clustering: Status</a>-->
      <view name="indexer_clustering_status" />
      <view name="indexer_clustering_service_activity" />
    </collection>
    <collection label="Indexes and Volumes">
      <view name="indexes_and_volumes_instance" />
      <view name="indexes_and_volumes_deployment" />
      <view name="index_detail_instance" />
      <view name="index_detail_deployment" />
      <view name="volume_detail_instance" />
      <view name="volume_detail_deployment" />
    </collection>
    <collection label="Inputs">
      <view name="http_event_collector_instance" />
      <view name="http_event_collector_deployment" />
      <view name="splunk_tcpin_performance_instance" />
      <view name="splunk_tcpin_performance_deployment" />
      <view name="data_quality" />
    </collection>
    <collection label="License Usage">
      <view name="license_usage_today" />
      <view name="license_usage_30days" />
    </collection>
  </collection>
  <collection label="Search">
    <collection label="Activity">
      <view name="search_activity_instance" />
      <view name="search_activity_deployment" />
      <view name="search_usage_statistics_instance" />
      <view name="search_usage_statistics_deployment" />
    </collection>
    <collection label="Distributed Search">
      <view name="distributed_search_instance" />
      <view name="distributed_search_deployment" />
    </collection>
    <collection label="Search Head Clustering">
      <view name="shc_status_and_conf" />
      <view name="shc_conf_rep" />
      <view name="shc_artifact_replication" />
      <view name="shc_scheduler_delegation_statistics" />
      <view name="shc_app_deployment" />
    </collection>
    <collection label="Scheduler Activity">
      <view name="scheduler_activity_instance" />
      <view name="scheduler_activity_deployment" />
    </collection>
    <collection label="KV Store">
      <view name="kv_store_instance" />
      <view name="kv_store_deployment" />
    </collection>
  </collection>
  <collection label="Resource Usage">
    <view name="resource_usage_instance" />
    <view name="resource_usage_machine" />
    <view name="resource_usage_deployment" />
    <view name="workload_management" />
  </collection>
  <collection label="Forwarders">
    <view name="forwarder_instance" />
    <view name="forwarder_deployment" />
  </collection>
  <collection label="Settings">
    <view name="monitoringconsole_configure" />
    <view name="monitoringconsole_forwarder_setup" />
    <view name="monitoringconsole_alerts_setup" />
    <view name="monitoringconsole_overview_preferences"/>
    <view name="monitoringconsole_check_list" />
  </collection>
  <a href="search">Run a Search</a>
</nav>
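
An added example, not part of the answer above and not Splunk's own tooling: a Python script that applies the two .conf settings listed in the answer idempotently, so a build job can rerun it safely. The function and constant names are hypothetical, and the script leaves the nav default.xml alone, since that file would be deployed whole as posted.

```python
import os
import tempfile

# Settings taken from the answer above: (path under $SPLUNK_HOME, stanza, key, value).
DMC_SETTINGS = [
    ("etc/apps/splunk_monitoring_console/local/app.conf", "install", "is_configured", "1"),
    ("etc/system/local/distsearch.conf",
     "distributedSearch:dmc_group_indexer", "default", "false"),
]

def set_conf_key(path, stanza, key, value):
    """Idempotently set key = value inside [stanza]; return True if the file changed."""
    lines = []
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            lines = fh.read().splitlines()
    header, wanted = f"[{stanza}]", f"{key} = {value}"
    start = next((i for i, l in enumerate(lines) if l.strip() == header), None)
    if start is None:
        # Stanza missing: append it, separated from earlier content by a blank line.
        if lines and lines[-1].strip():
            lines.append("")
        lines += [header, wanted]
    else:
        # The stanza runs until the next "[...]" header or the end of the file.
        end = next((i for i in range(start + 1, len(lines))
                    if lines[i].lstrip().startswith("[")), len(lines))
        for i in range(start + 1, end):
            name, sep, _ = lines[i].partition("=")
            if sep and name.strip() == key:
                if lines[i].strip() == wanted:
                    return False  # already set: leave the file untouched
                lines[i] = wanted
                break
        else:
            lines.insert(start + 1, wanted)  # key absent: add it under the header
    os.makedirs(os.path.dirname(path), exist_ok=True)
    tmp = path + ".tmp"
    with open(tmp, "w", encoding="utf-8") as fh:
        fh.write("\n".join(lines) + "\n")
    os.replace(tmp, path)  # atomic swap so a reader never sees a half-written file
    return True

def apply_distributed_mode_conf(splunk_home):
    """Apply DMC_SETTINGS under splunk_home; return the relative paths that changed."""
    return [rel for rel, stanza, key, value in DMC_SETTINGS
            if set_conf_key(os.path.join(splunk_home, rel), stanza, key, value)]

if __name__ == "__main__":
    home = tempfile.mkdtemp()  # constructed stand-in for $SPLUNK_HOME
    print(apply_distributed_mode_conf(home))  # first run writes both files
    print(apply_distributed_mode_conf(home))  # second run changes nothing
```
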

woodcock
Esteemed Legend

@pgrigoryev Did this help you? Come back and respond, and click Accept if you got what you need.

0 Karma