Insights App for Splunk

The Insights App for Splunk (IA4S) tracks every aspect of the Splunk environment, including:

- User Login/Usage Tracking
- Knowledge Object Tracking (Dashboards, Macros, Eventtypes, Lookups, etc.)
- Index License Usage Tracking
- Index Size Tracking
- Resource consumption (Real, SVC)
- Search performance
- KV store health
- Data source analysis

It uses machine learning to forecast future license ingestion. IA4S stores valuable data long term that is usually lost after a few weeks. This allows for continuous benchmarking of the customer’s Splunk journey. The app is for any Splunk admin who wants to dissect any Splunk implementation, including deep-dive search analysis with endless enrichments.

IA4S collects data from various places in Splunk, such as REST endpoints, and uses the information to enrich every dashboard included in it. The centerpiece is the “Audit Search Activity” dashboard, which is driven by a brand-new summarized data model. This data model summarizes search data from _audit, _internal & _introspection and normalizes all of the data, including the search ID, so searches can be correlated across these 3 datasets seamlessly. The Insights DM also tracks terminated jobs when memory tracking is enabled. The dashboard also simplifies scheduled search skip analyses in an SHC or non-SHC environment.

IA4S is driven by 1 accelerated data model, 1 summary index, and multiple KV stores for fast access. The app contains a collection of >140 macros to reuse in any other custom dashboard development or when running ad-hoc searches.