Welcome to TrackMe - Data in motion tracking system
TrackMe for Splunk is the ideal companion for your Splunk deployment, no matter the size of your environment. Its unique capabilities help you get the best value from your Splunk investments on a daily basis:
- Discover and maintain Splunk entities at scale, and track the availability and quality of any kind of data in Splunk
- Virtual tenancy is a key concept in TrackMe which allows creating knowledge objects on the fly in a repeatable way: create and scope tenants, experiment, destroy and restart as needed
- TrackMe allows tracking your local Splunk deployment, or transparently any number of remote Splunk deployments (subject to licensing restrictions)
- TrackMe’s unique workflow combines the best Splunk capabilities, from a comprehensive user interface to notable events generation, SLA tracking and much more
- Get the best from TrackMe components: splk-feeds components provide deep Splunk feed tracking, splk-cim provides Common Information Model (CIM) compliance tracking, and splk-flx (FLEX) adapts to any kind of Splunk magic query (components are subject to license restrictions)
- Extend visibility at any point in time with Hybrid and Elastic trackers, and use Machine Learning outliers detection with deep and easy control. TrackMe is incredibly rich in features
License & support:
Compatibility and download:
Requirements:
Installation:
Administration guide:
- Configuration
- Summary requirements for the TrackMe service account
- Summary requirements for TrackMe administrators
- Service Account and permissions
- Creating a service account for TrackMe with minimal permissions
- Minimal capabilities and resources for Remote Accounts and the user associated with the bearer token
- Users and roles
- Web Browsers and system compatibility
- Accessing TrackMe Configuration
- Remote Splunk deployments accounts
- Virtual Tenants Accounts
- General configuration
- Indexes general settings
- Prefs Vtenants UI
- Prefs Home UI
- splk-general
- splk-data-sampling
- splk-outliers-detection
- TrackMe Logging
- TrackMe theme for Tabulator
- Large Scale Environment and Best Practices Configuration Guide
- Creating Virtual Tenants
- Manage Virtual Tenants
- Operational status Virtual Tenants
- Scheduling Virtual Tenants
- Personal user profile for Virtual tenants
- Splunk remote deployments (splunkremotesearch)
- Overview of Splunk Remote Search capabilities in TrackMe
- Minimal RBAC requirements for the user account
- Configuring a new remote account
- Example of a Splunk Remote search performed by TrackMe
- Using splunkremotesearch in a different application namespace
- Troubleshooting failure to create or update a remote account
- Role Based Access Control and ownership
- Alerting Architecture & Third Parties Integration
- Outliers Anomaly Detection
- Machine Learning Outliers Anomaly Detection in TrackMe
- Data seasonality and behaviours
- Data not driven by seasonality
- Confidence level
- Minimal and Maximum thresholds for LowerBound and UpperBound Outliers breaches
- Demonstrating Machine Outliers detection in TrackMe
- SmartStatus and Outliers
- Accessing the ML models
- Accessing the ML models current results
- Disabling alerting on Outliers
- ML training scheduled jobs
- ML monitor scheduled jobs
- ML period exception: excluding periods of time
- ML Outliers system wide options
- ML Outliers options
- Understanding and Troubleshooting ML rendering results
- Troubleshooting ML training logs
- Troubleshooting ML rendering (monitoring) logs
- REST API endpoints for ML in TrackMe
- Expanding ML models results and definition
- Mass deleting ML models
- TrackMe sourcetypes & metrics
- TrackMe REST API
- splk-feeds - Creating and managing Hybrid Trackers
- Workload (splk-wlk) - Manage Workload tenants and trackers
- splk-flx - Creating and managing Flex Trackers
- splk-cim - Creating and managing CIM Trackers
- Feeds - Tags enrichments management
- Feeds (DataSource - splk-dsm) - Docs notes & links
- Tracking Expected hosts
- CMDB Lookup Integration
- Elastic sources for feeds tracking
- TrackMe CI/CD management (TCM)
- Maintenance mode & knowledge database
- TrackMe App on SOAR: Automate and interact with TrackMe from Splunk SOAR
White papers:
- TrackMe’s White Papers
- Running a TrackMe Proof of Concept
- Identifying the Key Use Cases
- Identify where to deploy TrackMe
- Service account and permissions
- Roles Based Access Control (RBAC)
- Install TrackMe
- Register a TrackMe licence for the POC
- Remote deployment and multiple Search Head tiers
- Design TrackMe tenants
- Design TrackMe at scale
- Design your alerting strategy
- Use TrackMe to detect abnormal events count drop in Splunk feeds
- Objective: Detecting abnormal events count drop in Splunk feeds
- What does TrackMe do out of the box? (feeds tracking with splk-dsm)
- Flex Object (splk-flx): Detect abnormal events count drop using Flex
- Flex Object use case 2 (splk-flx): Detect abnormal events count drop using Flex and Splunk licence usage
- Monitor Splunk Workload with TrackMe’s Workload component
- Monitor Splunk Indexers Clusters
- Monitor Splunk Search Head Clusters
- Backing up and Restoring TrackMe
User guide:
- Entities priority
- Entity Monitoring State
- Status Message
- Status Flipping Feature
- Notable Events
- Acknowledgments
- Splunk Feeds KPIs (splk-feeds)
- Splunk Feeds Thresholds (Delay and Latency, Machine Learning adaptive thresholding)
- 1. Introduction
- 2. Adaptive delay thresholds with Machine Learning (since TrackMe v2.0.72)
- 3. Reviewing Current Thresholds
- 4. Defining Custom Threshold Values
- 5. Lagging Classes for Thresholds Management
- 6. Per Entity Thresholds
- 7. Simulating Threshold Values
- 8. Anatomy of an Entity suffering from index time Latency
- 9. Anatomy of an Entity with Delay with no Latency
- Conclusion
- Splunk Feeds Delayed & Inactive Entities (splk-feeds)
- Logical groups (entities ensemble association)
- Splunk Workload (splk-wlk)
- Splunk SOAR Cloud & on-premise monitoring and active actions in TrackMe
- Cribl Logstream monitoring in TrackMe