Monitoring Splunk

Where do I find System Activity information in a 6.4.x Distributed Management Console?

alexislh
Explorer

Hi there,

The Activity > System Activity was very useful in the previous Splunk versions, letting you quickly access to last Errors and the like.

It has been removed in 6.4.

The documentation says it is now included in the Distributed Management Console:

The information shown in the System Activity view in earlier versions of Splunk Enterprise is now included in Distributed Management Console views. The System Activity view is removed from this version of Splunk Enterprise. For more information, see the Distributed Management Console Manual.

I cannot manage to find the equivalent in the DMC. Anyone with better eyes than mine find it?

Thanks in advance

0 Karma

MuS
Legend

Hi alexislh,

running Splunk 6.4.0 and I have a bunch of System Activity views available in DMC in the Search navigation dropdown:

alt text

Hope this helps ...

cheers, MuS

0 Karma

alexislh
Explorer

Well, I am looking for the views that were in old System Activity view like last splunkd errors, users activity etc

And yes, this is just a standalone Splunk in lab!

0 Karma

jlaw
Splunk Employee
Splunk Employee

Check out Search Usage Statistics and the Overview.

alexislh
Explorer

Hi MuS,

Thanks but damn, in 6.4.1 I don't even have that :

alt text

0 Karma

jlaw
Splunk Employee
Splunk Employee

What information are you looking for? It looks like your DMC is in standalone mode. If you have a multi-instance deployment, you can set it up like MuS did to view data from all instances in your deployment. Here's what you need to do for that:
http://docs.splunk.com/Documentation/Splunk/6.4.1/DMC/Deploymentsetupsteps

jlaw
Splunk Employee
Splunk Employee

Which information in particular are you looking for?

The docs have a super abbreviated sampling of information you can find in DMC dashboards:
http://docs.splunk.com/Documentation/Splunk/6.4.0/DMC/WhatcanDMCdo

Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...