All Apps and Add-ons

Have you tested this app in Splunk Cloud?

Javip
Path Finder

Hi Gareth!

I like a lot your app, thanks a lot!
I've testing in my own on-premise Splunk server, but I will like to use it in a Splunk Cloud environment.
Have you tested there? Can we get the same results and alerts?

Thanks a lot for your comments.
J.

0 Karma

afroz
Path Finder

Hi,

You can customise savesearches.conf and macros.conf file to use in any environments.

Splunk cloud I would suggest to write those searches manually.

However, I have tested this app in splunk cloud works fine.

Javip
Path Finder

Thanks a lot for your answer!

Did you added this App to your Splunk Cloud or you added only macros and several saved searches?

0 Karma

gjanders
SplunkTrust
SplunkTrust
0 Karma

gjanders
SplunkTrust
SplunkTrust

I have not tested in the Splunk Cloud environment, the application was developed on-premise and is most relevant for a on-prem environment.

It should work in Splunk cloud as long as you have access to the _internal index for the majority of the alerts, some alerts need _introspection and a few use _audit.

Assuming you have access to those internal indexes it should work however some of the alerts might not be as relevant in a cloud environment, particularly around performance issues.

If you do try it let me know if it works or not as I do not currently have a cloud environment, I might try signup for one this weekend if I have time!

0 Karma

Javip
Path Finder

Hi again!
And thanks for your answer!

You are right, you App should work ok in Splunk Cloud because we canaccess to these indexes as well.
I'll wait for your tests if you have time this weekend 🙂
And I'll continue my own tests in Dev (on-prem) environment.

J.

0 Karma

gjanders
SplunkTrust
SplunkTrust

I did some quick testing (20 minutes worth) and from what I can see the internal index, REST API's and introspection data are all accessible, even the dashboards I tested worked.

However there were a number of alerts in the application that are specific to an indexer cluster and I was testing in a standalone cloud setup so those alerts are not relevant here.

Any of the alerts I tested that referred to the cluster master or similar failed but overall it works better than I expected since I designed and tested this all on-premise.

If you do find issues or have suggestions feel free to comment here or send a github pull request via https://github.com/gjanders/SplunkAdmins

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...