.. _white_paper_use_cases_360_services_mon:

Use Case Demo: 360 Services Monitoring with TrackMe
===================================================

.. admonition:: Use Case Demo: 360 Services Monitoring with TrackMe

    - This use case demo demonstrates how TrackMe can be used to perform **360 degree monitoring** of the different services that commonly make up Splunk environments, with the addition of third parties, notably Cribl Logstream.

    - The purpose of this demo is to show step by step how to design and implement TrackMe concepts and features, notably:

        - ``Data tiers:`` Monitoring high priority Splunk Feeds availability and performance using TrackMe component ``splk-dsm``
        - ``Data tiers:`` Monitoring high priority endpoints availability (think about Active Directory domain controllers, Checkpoint firewalls, etc.) using TrackMe component ``splk-dsm``
        - ``Data tiers:`` Monitoring abnormal volume variations in Splunk indexes and Splunk license usage using TrackMe component ``splk-flx``
        - ``Splunk tiers:`` Monitoring key aspects and metrics of Splunk Indexers Cluster using TrackMe component ``splk-flx``
        - ``Splunk tiers:`` Monitoring key aspects and metrics of Splunk Search Head Cluster or Search Heads using TrackMe component ``splk-flx``
        - ``Splunk tiers:`` Monitoring key aspects of Splunk Heavy Forwarder tiers using TrackMe component ``splk-flx``
        - ``Splunk tiers:`` Monitoring Splunk deployment servers and clients using TrackMe component ``splk-flx``
        - ``Use Cases & Controls:`` Monitoring Splunk core & Splunk Enterprise Security use cases using TrackMe Workload component ``splk-wlk``
        - ``Use Cases & Controls:`` Monitoring various environments control points using TrackMe component ``splk-flx``
        - ``Cribl Logstream:`` Monitoring Cribl Logstream availability and performance using TrackMe component ``splk-flx``
        - ``Splunk SOAR tier:`` Monitoring Splunk SOAR platforms using TrackMe component ``splk-flx``

    - Some of the components leveraged in this demo are restricted features available in TrackMe Enterprise Edition & Unlimited Edition.

    - **This demo documentation is currently a work in progress** and will be updated in the future to reflect the latest features and capabilities of TrackMe.

Pictures Gallery
================

*The following image shows a template Splunk dashboard which calls TrackMe Flex converging entities; these transparently correlate the status of TrackMe entities to form the representation of the different tiers in the environment (find this template in the API & Tooling menu, from TrackMe 2.1.18):*

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_01.png
   :alt: 360_services_mon_01.png
   :align: center
   :width: 1200px
   :class: with-border

*The following images show the TrackMe Virtual Tenants Home page:*

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_02.png
   :alt: 360_services_mon_02.png
   :align: center
   :width: 1200px
   :class: with-border

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_03.png
   :alt: 360_services_mon_03.png
   :align: center
   :width: 1200px
   :class: with-border

*An incident is affecting the Splunk Indexers Cluster tier:*

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_04.png
   :alt: 360_services_mon_04.png
   :align: center
   :width: 1200px
   :class: with-border

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_05.png
   :alt: 360_services_mon_05.png
   :align: center
   :width: 1200px
   :class: with-border

*The Services Monitoring Virtual Tenant view:*

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_06.png
   :alt: 360_services_mon_06.png
   :align: center
   :width: 1200px
   :class: with-border

*The Services Monitoring Dashboard view:*

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_07.png
   :alt: 360_services_mon_07.png
   :align: center
   :width: 1200px
   :class: with-border

*The StateFul Opening incident Email notification:*

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_08.png
   :alt: 360_services_mon_08.png
   :align: center
   :width: 1200px
   :class: with-border

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_09.png
   :alt: 360_services_mon_09.png
   :align: center
   :width: 1200px
   :class: with-border

*The StateFul Opening incident notification from the Splunk Indexer tier tenant:*

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_10.png
   :alt: 360_services_mon_10.png
   :align: center
   :width: 1200px
   :class: with-border

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_11.png
   :alt: 360_services_mon_11.png
   :align: center
   :width: 1200px
   :class: with-border

*Several views of the faulty Splunk indexer:*

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_12.png
   :alt: 360_services_mon_12.png
   :align: center
   :width: 1200px
   :class: with-border

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_13.png
   :alt: 360_services_mon_13.png
   :align: center
   :width: 1200px
   :class: with-border

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_14.png
   :alt: 360_services_mon_14.png
   :align: center
   :width: 1200px
   :class: with-border

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_15.png
   :alt: 360_services_mon_15.png
   :align: center
   :width: 1200px
   :class: with-border

*A few pictures from the global Splunk cluster entity view:*

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_16.png
   :alt: 360_services_mon_16.png
   :align: center
   :width: 1200px
   :class: with-border

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_17.png
   :alt: 360_services_mon_17.png
   :align: center
   :width: 1200px
   :class: with-border

*After some time, the issue is resolved, the faulty indexer is back in service, the incident is closed and the dashboard shows the updated situation for our Splunk tiers:*

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_18.png
   :alt: 360_services_mon_18.png
   :align: center
   :width: 1200px
   :class: with-border

*Closure incident Email notifications were sent to the team:*

*Note: for documentation purposes, we show notifications for the service as well as the entities, but you may choose to send notifications only for the tier services.*

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_19.png
   :alt: 360_services_mon_19.png
   :align: center
   :width: 1200px
   :class: with-border

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_20.png
   :alt: 360_services_mon_20.png
   :align: center
   :width: 1200px
   :class: with-border

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_21.png
   :alt: 360_services_mon_21.png
   :align: center
   :width: 1200px
   :class: with-border

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_22.png
   :alt: 360_services_mon_22.png
   :align: center
   :width: 1200px
   :class: with-border

.. image:: img_v2/white_papers/360_services_mon/360_services_mon_23.png
   :alt: 360_services_mon_23.png
   :align: center
   :width: 1200px
   :class: with-border