Reporting

Difference between Splunk monitoring console and Distributed management console

SamHTexas
Builder

What is the Difference between Splunk monitoring console and Distributed management console. How doo I access Dist. monitoring console ?

Labels (1)
Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Monitoring Console is the new name for the Distributed Management Console.  They are the same thing.

---
If this reply helps you, Karma would be appreciated.
0 Karma

SamHTexas
Builder

Hello, Rich should I enable distributed mode in my Monitoring console as suggested by another great helper?

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

If you have a distributed Splunk environment then, yes, the MC absolutely should be in Distributed mode.  Only configure one MC, however.  Put it on your License Manager or another lightly-used instance.

---
If this reply helps you, Karma would be appreciated.
0 Karma

SamHTexas
Builder

One more question please. I am going to change to dist. mode. But the deployment I have walked into. They hav a monitoring console on almost every Splunk server like om MC, LM, SHs etc. Should I remove most & only keep one Monitoring console in Dist. mode? Thax again

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

The MC is built-in to every Splunk instance (except UF).  Only one of them should be in Distributed mode; the rest should be in Standalone mode.  The instance you choose to be the MC should have visibility into all other instances (make them search peers).

---
If this reply helps you, Karma would be appreciated.

SamHTexas
Builder

Please show me how to make the MCs peers with the MC in distributed mode. I appreciate your time.

 

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

The MC does not peer with other MCs.  It peers with other Splunk instances.  Do so the same way you would peer a search head with an indexer.  Go to Settings->Distributed Search and add all of the non-forwarder Splunk servers as peers to the MC.  Then open the MC and select Settings->General Setup, review the server list, and click Apply Changes.

See https://docs.splunk.com/Documentation/Splunk/8.1.2/DMC/Configureindistributedmode for details.

---
If this reply helps you, Karma would be appreciated.
0 Karma

scelikok
SplunkTrust
SplunkTrust

Hi @SamHTexas,

The difference is Distributed Monitoring Console monitors your distributed deployment. You should enable Distributed mode inside the monitoring console. Please see below documentation;

https://docs.splunk.com/Documentation/Splunk/8.1.2/DMC/Configureindistributedmode 

If this reply helps you an upvote and "Accept as Solution" is appreciated.

SamHTexas
Builder

One more question please reg Distributed mode in the MC. In the Splunk environment I have inherited. There are 2 Monitoring consoles both in Distributed mode, does this cause problems?

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Having 2 MCs will create excess load in your Splunk environment, but should not cause real problems.  Best to disable one of them, however, so you have a single source of truth and only one MC to keep current.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...