Welcome to TrackMe - Data in motion tracking system
TrackMe for Splunk is the ideal companion for your Splunk deployment, no matters the size of your environment, its unique capabilities help you on a daily basis to get the best value from your Splunk investments:
Discover and maintain Splunk entities at scale, track availability and quality of any kind of data in Splunk
Virtual tenancy is a key concept in TrackMe which allows creating on the fly knowledge objects in a repeatable way: create and scope tenants, experiment, destroy and restart as needed
TrackMe allows tracking your local Splunk deployment, or transparently any number of Splunk remote deployments (subject to licensing restrictions)
TrackMe’s unique workflow combines best Splunk capabilities, from a comprehensive user interface to notable events generation, SLA tracking and many more
Get the best from TrackMe components, using splk-feeds components provide deep Splunk feed tracking, splk-cim provides Common Information Model (CIM) compliance tracking, splk-flx (FLEX) adapts to any kind of Splunk magic query! (components are subjects to license restrictions)
Extend the visibility at any point in time with Hybrid and Elastic trackers, use Machine Learning outliers detection with deep and easy control, TrackMe is incredibly rich in features
Quickstart:
License & support:
License, terms & conditions, support
Compatibility and download:
Compatibility & Download
Requirements:
Requirements
Installation:
Administration guide:
Administration guide
- Configuration
- TrackMe theme for Tabulator
- Large Scale Environment and Best Practices Configuration Guide
- Creating Virtual Tenants
- Manage Virtual Tenants
- Operational status Virtual Tenants
- Scheduling Virtual Tenants
- Personal user profile for Virtual tenants
- Splunk remote deployments (splunkremotesearch)
- Role Based Access Control and ownership
- Alerting Architecture & Third Parties Integration
- Priority Management
- Outliers Anomaly Detection
- TrackMe Data Sampling - Events and format recognition for quality inspection in TrackMe
- TrackMe sourcetypes & metrics
- TrackMe REST API
- splk-feeds - Creating and managing Hybrid Trackers
- Workload (splk-wlk) - Manage Workload tenants and trackers
- splk-flx - Creating and managing Flex Trackers
- splk-cim - Creating and managing CIM Trackers
- TrackMe Tags enrichment
- Feeds (DataSource - splk-dsm) - Docs notes & links
- Tracking Expected hosts
- CMDB Lookup Integration
- Elastic sources for feeds tracking
- TrackMe CI/CD management (TCM)
- Maintenance mode & knowledge database
- TrackMe App on SOAR: Automate and interact with TrackMe from Splunk SOAR
White papers:
White papers
- TrackMe’s White Papers
- Running a TrackMe Proof of Concept
- QUICK START - Starting with TrackMe: (feed tracking quickstart)
- Use TrackMe to detect abnormal events count drop in Splunk feeds
- Analyse log messages logging level to detect behaviour anomalies using TrackMe’s Flex Object and Machine Learning Anomaly Detection
- Tracking Splunk Cloud SVC consumption in TrackMe
- Monitor Splunk Workload with TrackMe’s Workload component
- Monitor Splunk Indexers Clusters
- Monitor Splunk Search Head Clusters
- Backing up and Restoring TrackMe
- Auto deletion or management of TrackMe entities
- Performing mass operations in TrackMe
- Using SLA alerting to build a 2-tier monitoring system
User guide:
User guide
- Entities priority
- Entity Monitoring State
- Status Message
- Status Flipping Feature
- Notable Events
- Acknowledgments
- Splunk Feeds KPIs (splk-feeds)
- Splunk Feeds Thresholds (Delay and Latency, Machine Learning adaptive thresholding)
- Splunk Feeds Delayed & Inactive Entities (splk-feeds)
- Logical groups (entities ensemble association)
- Splunk Workload (splk-wlk)
- Splunk SOAR Cloud & on-premise monitoring and active actions in TrackMe
- Cribl Logstream monitoring in TrackMe
Troubleshoot & FAQ:
Troubleshoot
Versioning and build history:
Versioning
Various
Various