Would a better global _meta make life easier for everyone? ... View more

write_splunk is an extension to the write_http plugin. It does some metrics reformatting for common plugins like disk and cpu to set certain portions of the name such as volume or CPU as dimensions. It also pulls information about the host from the OS to add as dimensions as well. write_splunk is the recommended plugin to use for collectd as it allows for the addition of custom dimensions and in the most recent versions the ability to send to a UF before sending to splunk. It is also the plugin required to use data with SAI. ... View more

You can use the config files for collectd on your monitored hosts, look under /etc/collectd/collectd.conf (Most Linux and Unix) or /etc/collectd.conf (RHEL) ... View more

You should not run the script on the the SH, Master or INdexers as it can conflict with inputs and configs on those entities. Please follow the "Manually configure metrics collection on a *nix host" section of docs for setting up collectd on these nodes https://docs.splunk.com/Documentation/InfraApp/1.3.0/Admin/ManageAgents ... View more

The App for Infra team has been unable to reproduce this issue. Did the index name for the metrics change? ... View more

Add-on for Windows Infrastructure 5.0.0 and later supports metrics transformations. You can also use Windows TA 4.8.4 with Splunk App & Add-on for Infrastructure to accomplish the same thing. ... View more

These are good points, we'll look into adding a better AND OR syntax to the search to make this flexibility possible ... View more

This has been fixed in 1.1.1 - the launcher now sets https by default ... View more

this depends on the use case. For Windows data, all metrics are collected via perfmon inputs on the UF. These are native inputs to the UF and the payloads are transformed to metrics in the indexing pipeline. For Linux hosts, the UF is used to send logs to splunk using the S2S protocol. Collectd is the metrics collection agent and send direct to Splunk HEC (HTTP Event Collector) which is the Splunk recommended input for metrics. ... View more

Adam, very good points. The ability to save to a custom dashboard in the Insight isn't yet in the product, the app for Splunk Enterprise can save any panel as a dashboard that can be customized to meet whichever visualization you prefer. ... View more

Are all of the required ports open and accessible on your Splunk Insight instance? No firewall or network restrictions ... View more

gquigley, We are working on new OS support all the time. We'll take the Solaris requirement back to the product team and see about getting it supported in a future release. Nick ... View more

I don't think the errors for the license are associated. Let's check for log files on the instance. In the command line go to $SPLUNK_HOME/splunk/bin and run ./splunk search "index=main | stats count by host" and see what comes out. You should see the same host with a count of logs collected. If nothing returns then you aren't getting any data in and we'll have to try something different. ... View more

Was this installed on an instance with an existing splunk install? Did you install any other licenses than the default license that came with the Splunk Insights for Infrastructure package? ... View more

What kind of charts are you looking to create? Do you want general access to the SPL query language for customization or would you like this to be a part of the UI? ... View more

I think the first thing to check is the console. You have the right role enabled so I think there may be an issue in retrieving the entity rules for setting that link. ... View more

Thanks for downloading and using the add-on, we appreciate your feedback. We're currently in the process of working on the pagination issue. ... View more

Future versions of the add-on will have this issue solved. We will also be release an official Splunk version of this add-on soon that will account for pagination. ... View more

Correction: The Module will come with the next release of ITSI. ... View more

Which version of ITSI are you on? ... View more