Is there a way to group apps in Splunk deployment?

d3ag0s · ‎06-25-2019

We have started to use the Splunk Deployment within in our infrastructure and I was wondering if there's a way (including an add-on) to group the applications based on specific topics.
For example, we are looking to group the applications based on products and create under each main application their corresponding sub-apps (this should allow us to have a better overview of the entire landscape and keep everything under control).

Current setup:

Options 1:

Product -> where a product has 10 different servers, with 3 different roles (role1,role2 and role3). In this case, we end up with monitors that should only for role1 being setup on role3.

Options 2:

role1, role2, role3 as separate apps - is also an option, but when we end up with over 100 apps things get a little bit hard to manage and we loose overview.

richgalloway · ‎06-25-2019

Splunk's deployment server uses a flat app structure. The only grouping of apps is by server class.
Perhaps another tool like Ansible or Puppet will do what you desire.

---
If this reply helps you, Karma would be appreciated.

VatsalJagani · ‎06-25-2019

Are you talking about Splunk App's to group? - Right now there is no way to group the Splunk Apps.
If you want to group the data - Please give more details about events that you are having in your Splunk.

Is there a way to group apps in Splunk deployment?

Modern way of developing distributed application using OTel

Enterprise Security Content Update (ESCU) | New Releases

Archived Metrics Now Available for APAC and EMEA realms