Welcome to TrackMe - Data in motion tracking system

TrackMe for Splunk is the ideal companion for your Splunk deployment, no matters the size of your environment, its unique capabilities help you on a daily basis to get the best value from your Splunk investments:

• Discover and maintain Splunk entities at scale, track availability and quality of any kind of data in Splunk

• Virtual tenancy is a key concept in TrackMe which allows creating on the fly knowledge objects in a repeatable way: create and scope tenants, experiment, destroy and restart as needed

• TrackMe allows tracking your local Splunk deployment, or transparently any number of Splunk remote deployments (subject to licensing restrictions)

• TrackMe’s unique workflow combines best Splunk capabilities, from a comprehensive user interface to notable events generation, SLA tracking and many more

• Get the best from TrackMe components, using splk-feeds components provide deep Splunk feed tracking, splk-cim provides Common Information Model (CIM) compliance tracking, splk-flx (FLEX) adapts to any kind of Splunk magic query! (components are subjects to license restrictions)

• Extend the visibility at any point in time with Hybrid and Elastic trackers, use Machine Learning outliers detection with deep and easy control, TrackMe is incredibly rich in features

License & support:

License, terms & conditions, support

• EULA License
• Terms & Conditions
  • TrackMe Limited IT Software Terms and Conditions
• Support
  • TrackMe Enterprise & Unlimited registered edition
  • TrackMe Free Limited edition
  • Report a bug or submit a request for enhancement
  • Splunk community slack
  • Splunk community (ex. Splunk Answers)

Compatibility and download:

Compatibility & Download

• Compatibility
  • Splunk core compatibility
  • Splunk Enterprise and Splunk Cloud compatibility
  • Python compatibility
  • Web Browser compatibility
• Download
  • TrackMe for Splunk Enterprise & Splunk Cloud
  • TrackMe App on SOAR
  • TrackMe Configuration Manager (TCM)
  • TA-trackme-cribl

Requirements:

Requirements

• Requirements for TrackMe
  • Target for deployments
  • System requirements for the use of TrackMe

Installation:

Installation

• Installation
  • Installation Target
  • Indexes definition
  • Installing TrackMe
  • Upgrading TrackMe
• Upgrading TrackMe
  • 1. Introduction
  • 2. Schema version
• Migrate from TrackMe V1 to TrackMe V2
  • Introduction
  • Planning the migration
  • Prior to the migration: Performing backups and exports
  • Upgrading to TrackMe V2
• License registration
  • TrackMe licensing modes
  • Registering and managing TrackMe licensing

Administration guide:

Administration guide

• Configuration
  • Summary requirements for the TrackMe service account
  • Summary requirements for TrackMe administators
  • Service Account and permissions
  • Creating a service account for TrackMe with minimal permissions
  • Minimal capabilities and resources for Remote Accounts and the user associated with the bearer token
  • Users and roles
  • Web Browsers and system compatibility
  • Accessing TrackMe Configuration
  • Remote Splunk deployments accounts
  • Virtual Tenants Accounts
  • General configuration
  • Indexes general settings
  • Prefs Vtenants UI
  • Prefs Home UI
  • splk-general
  • splk-data-sampling
  • splk-outliers-detection
  • TrackMe Logging
• TrackMe theme for Tabulator
  • Configuring the Tabulator theme & Icons theme preferences for Virtual Tenant UI & Home Tenant UI
  • User level configuration for Tabulator theme & Icons theme preferences
  • Dark Site theme
  • Dark Midnight theme
  • Light theme
  • Light Site theme
  • Light Modern theme
• Large Scale Environment and Best Practices Configuration Guide
  • Introduction
  • Scaling Concepts with TrackMe
  • Requirements
  • Feeds Tracking (splk-feeds components family)
  • Other components and additional considerations
  • Alerting Architecture in TrackMe
• Creating Virtual Tenants
  • What is a TrackMe Virtual Tenant
  • Types of Virtual Tenants
  • Creating a Splunk Feeds (splk-feeds) Virtual Tenant
  • Creating a CIM compliance (splk-cim) Virtual Tenant
  • Creating an Splunk Flex Object (splk-flx) Virtual Tenant
  • Creating a Splunk Workload Virtual Tenant
• Manage Virtual Tenants
  • Access a Virtual Tenant
  • Managing a Virtual Tenant
  • Hiding a tenant from your personal profile
  • SLA compliance
• Operational status Virtual Tenants
  • What is the Ops status for Virtual Tenants
  • Example of failure detection
  • Additional resources
  • Virtual Tenants Ops status technical overview
• Scheduling Virtual Tenants
  • Monitoring the Virtual Tenant scheduling activity
  • Trackers logging and troubleshooting
  • Automated scheduling re-attempting concept
• Personal user profile for Virtual tenants
  • Per user preferences
  • Application level default preferences
• Splunk remote deployments (splunkremotesearch)
  • Overview of Splunk Remote Search capabilities in TrackMe
  • Minimal RBAC requirements for the user account
  • Configuring a new remote account
  • Example of a Splunk Remote search performed by TrackMe
  • Using splunkremotesearch in a different application namespace
  • Troubleshooting failure to create or update a remote account
• Role Based Access Control and ownership
  • Introduction to RBAC in TrackMe
  • Definition of RBAC and ownership at the creation phase of the Virtual Tenant
  • Updating RBAC policies and ownership assignement for an existing Virtual Tenant
• Alerting Architecture & Third Parties Integration
  • Introduction to Alerting in TrackMe
  • Creating an alert in TrackMe
  • Third Parties Alert Integration
  • Deleting TrackMe alerts
• Outliers Anomaly Detection
  • Machine Learning Outliers Anomaly Detection in TrackMe
  • Data seasonality and behaviours
  • Data not driven by seasonality
  • Confidence level
  • Minimal and Maximum thresholds for LowerBound and UpperBound Outliers breaches
  • Demonstrating Machine Outliers detection in TrackMe
  • SmartStatus and Outliers
  • Accessing the ML models
  • Accessing the ML models current results
  • Disabling alerting on Outliers
  • ML training scheduled jobs
  • ML monitor scheduled jobs
  • ML period exception: excluding periods of time
  • ML Outliers system wide options
  • ML Outliers options
  • Understanding and Troubleshooting ML rendering results
  • Troubleshooting ML training logs
  • Troubleshooting ML rendering (monitoring) logs
  • REST API endpoints for ML in TrackMe
  • Expanding ML models results and definition
  • Mass deleting ML models
• TrackMe sourcetypes & metrics
  • TrackMe events & sourcetypes
  • TrackMe metrics
• TrackMe REST API
  • REST API reference
• splk-feeds - Creating and managing Hybrid Trackers
  • Introduction to Hybrid Trackers
  • Creating an Hybrid Tracker for splk-feeds
  • Managing Hybrid Trackers for splk-feeds
• Workload (splk-wlk) - Manage Workload tenants and trackers
  • Introduction to the Workload component
  • Creating and configuring a Workload Tenant
  • Managing Workload Trackers
  • Managing Workload detection
  • Creating a Workload tenant to host mutliple Search Head tiers with overgroup
• splk-flx - Creating and managing Flex Trackers
  • Introduction to Flex Trackers
  • Flex Object use cases Library & Tracker creation
  • Managing Flex Trackers
  • Key Performance Indicators in Flex Trackers
• splk-cim - Creating and managing CIM Trackers
  • Introduction to CIM Trackers
  • Creating a CIM Tracker
  • Managing CIM Trackers & advanced options
• Feeds - Tags enrichments management
  • Introduction to tags enrichments
  • Tags enrichments for splk-dsm (Data Sources)
  • Tags enrichments for splk-dhm/splk-mhm
  • Configuration for splk-dsm/splk-mhm
• Feeds (DataSource - splk-dsm) - Docs notes & links
  • Introduction to documentation notes & links for splk-dsm
  • Where to find the documentation notes & links in TrackMe UI
  • Defining global documentation notes & links
  • Defining documentation notes & links per entity
  • REST API endpoints
• Tracking Expected hosts
  • Introduction to Expected hosts tracking
  • Injecting Expected Hosts in an existing TrackMe tenant
• CMDB Lookup Integration
  • Introduction to the CMDB Lookup up integration in TrackMe
  • CMDB Lookup feature overview in the TrackMe user interface
  • Configuring the CMDB Lookup up search logic
• Elastic sources for feeds tracking
  • Introduction to Elastic sources
  • Accessing the Elastic source creation UI
  • Elastic source example 1: raw search with search time only extracted fields
  • Elastic source example 2: tracking lookups update and number of records
  • Administering Shared Elastic Sources
  • Administrating Dedicated Elastic Sources
• TrackMe CI/CD management (TCM)
  • Introduction to the TrackMe Configuration Manager
  • Downloading TCM
  • Principles
  • Configuring TrackMe and TCM in non Production
  • Configuring TrackMe and TCM in Production
  • Troubleshooting
• Maintenance mode & knowledge database
  • Introduction to the maintenance features
  • TrackMe permissions requirements
  • Maintenance Mode
  • Maintenance Knowledge DataBase
  • REST API endpoints for the Maintenance Mode and Maintenance Knowledge DataBase
• TrackMe App on SOAR: Automate and interact with TrackMe from Splunk SOAR
  • Overview of the TrackMe App on SOAR
  • SOAR TrackMe actions overview
  • SOAR TrackMe usage example

White papers:

White papers

• TrackMe’s White Papers
  • TrackMe implementation
  • TrackMe management
• Running a TrackMe Proof of Concept
  • Identifying the Key Use Cases
  • Identify where to deploy TrackMe
  • Service account and permissions
  • Roles Based Access Control (RBAC)
  • Install TrackMe
  • Register a TrackMe licence for the POC
  • Remote deployment and multiple Search Head tiers
  • Design TrackMe tenants
  • Design TrackMe at scale
  • Design your alerting strategy
• Use TrackMe to detect abnormal events count drop in Splunk feeds
  • Objective: Detecting abnormal events count drop in Splunk feeds
  • What does TrackMe do out of the box? (feeds tracking with splk-dsm)
  • Flex Object (splk-flx): Detect abnormal events count drop using Flex
  • Flex Object use case 2 (splk-flx): Detect abnormal events count drop using Flex and Splunk licence usage
• Monitor Splunk Workload with TrackMe’s Workload component
  • Requirements
  • Step 1: Create a Splunk Remote Deployment Account for the SHC
  • Step 2: Create a Workload tenant and use the wizard to create trackers automatically
  • Step 3: Start using the Workload component, detect and investigate scheduling issues
• Monitor Splunk Indexers Clusters
  • Step 1: Create a Splunk Remote Deployment Account for the Cluster Manager
  • Step 2: Create a Flex Object tenant for Indexer Clusters monitoring
  • Step 3: Create Flex Object trackers using the Flex Objects library
  • Annexe: Use cases definition (SPL)
• Monitor Splunk Search Head Clusters
  • Step 1: Create a Splunk Remote Deployment Account for the SHC
  • Step 2: Create a Flex Object tenant for Search Head Clusters monitoring
  • Step 3: Create Flex Object trackers using the Flex Objects library
  • Annexe: Use cases definition (SPL)
• Backing up and Restoring TrackMe
  • Introduction to backup and restore
  • Backing up TrackMe
  • Restoring TrackMe

User guide:

User guide

• Entities priority
  • Introduction to TrackMe Entities Priority
  • Why using the priority
  • Updating the priority
  • Priority change audit
  • Recommendations for Using TrackMe Entities Priority
• Entity Monitoring State
  • Introduction
  • Purposes of Monitoring Status
  • Use Cases for Monitoring Status
  • TrackMe User Interface
  • Updating the Monitored State
• Status Message
  • Introduction to the Status Message
  • Factors Influencing the Status
  • Availability of the Status Message
  • Reviewing the Status Message
  • Examples of Status Messages
• Status Flipping Feature
  • Introduction to flipping events
  • Status Flipping: Understanding Entity States
  • How Status Flipping Works
  • Flipping Event Examples
  • Reviewing TrackMe Flipping Events
  • Searching Flipping Events in Splunk
  • Using Flipping Status Events as Key Performance Indicators
• Notable Events
  • Introduction to Notable events
  • How TrackMe Notable Events Work
  • Searching Notable Events in Splunk
  • Reviewing TrackMe Notable Events
  • Notable Events: Essential and Valuable Feature
• Acknowledgments
  • Introduction to Acknowledgments
  • How TrackMe Acknowledgment Works
  • Conclusion
• Splunk Feeds KPIs (splk-feeds)
  • Introduction to latency and delay
  • Latency in the Splunk Context
  • Understanding Latency’s Importance
  • Delay in the Splunk Context
  • Difference between Latency and Delay
  • Significance of Delay
  • How TrackMe Handles Latency and Delay
  • Reviewing latency and delay in TrackMe
  • Conclusion on latency and delay
• Splunk Feeds Thresholds (Delay and Latency, Machine Learning adaptive thresholding)
  • 1. Introduction
  • 2. Adaptive delay tresholds with Machine Learning (since TrackMe v2.0.72)
  • 3. Reviewing Current Thresholds
  • 4. Defining Custom Threshold Values
  • 5. Lagging Classes for Thresholds Management
  • 6. Per Entity Thresholds
  • 7. Simulating Threshold Values
  • 8. Anatomy of an Entity suffering from index time Latency
  • 9. Anatomy of an Entity with Delay with no Latency
  • Conclusion
• Splunk Feeds Delayed & Inactive Entities (splk-feeds)
  • 1. Introduction
  • 2. Date and time of last feed inspection
  • 3. Health Tracker (context=”untracked_entities”)
• Logical groups (entities ensemble association)
  • Introduction to logical groups
  • Use cases for logical groups
  • Creating, updating and deleting logical groups via the central Logical Group screen
  • Creating logical groups and associating entities
• Splunk Workload (splk-wlk)
  • 1. Introduction
  • 2. Workload entities
  • 3. Anomaly reason
  • 4. Workload metrics
  • 5. Metadata Versioning
  • 6. Delayed searches execution detection
  • 7. Orphan searches detection
  • 8. Skipping searches detection
  • 9. Error executions detection
  • 10. Machine Learning Outliers detection
• Splunk SOAR Cloud & on-premise monitoring and active actions in TrackMe
  • 1. Introduction to SOAR monitoring
  • 2. Requirements for SOAR monitoring
  • 3. Implementation of SOAR monitoring
  • 4. Interacting with the SOAR API with GET and POST calls in pure SPL
  • 5. SOAR Application status active health check
  • 6. SOAR Automation Brokers High Availability with TrackMe
• Cribl Logstream monitoring in TrackMe
  • 1. Introduction to Cribl Logstream monitoring
  • 2. Requirements for Cribl Logstream monitoring
  • 3. Implementation for Cribl Logstream monitoring
  • 4. Review

Troubleshoot & FAQ:

Troubleshoot

• Troubleshooting
• Frequently asked questions (FAQ)

Versioning and build history:

Versioning

• Release notes

Various

Various

• Third-party components credits