Monitor Overview

Overview

Monitor

Atlas Monitor provides you with unparalleled visibility and alerting into your Splunk environment's data ingests. Dashboards, Alerts, and Enterprise Security all rely on a constant and reliable feed of data flowing into the Splunk environment. Without pro-active measures, however, these data streams can fail, causing inaccurate reporting and cascading failures. Splunk admins can utilize Atlas's simple interface to create Monitors, which will track and alert on data ingest failures, preventing errors and increasing reliability. Monitors efficiently utilize Splunk resources to do more with less, while providing highly detailed reporting without added complexity. Within Atlas Monitor, admins are able to group together Monitors to consolidate reporting, and can leverage lookup tables and custom searches to leverage Change Management Knowledge Objects. With Atlas Monitor, admins have a powerful tool that will increase data flow stability and awareness.

Monitor Capabilities

• At-a-glance summaries to enable admins to quickly assess data flow health with custom thresholding

• Create, edit, and report Monitor Groups, allowing admins to group together related data flows for visualizations and reporting

• Leverages metric indexes and enhanced searching to reduce resource utilization

• Report on Outages to enable historical tracking of downtime

• Automatically send alerts by email when Monitors breach thresholds

• Integrate lookup tables for integrating CMDB and assets & identities files

• Create custom searches to monitor unique data sets utilizing advanced base searches

Requirements & Installation

Installing & Configuring Atlas Monitor

For distributed Splunk environments, Atlas Monitor needs a metric index installed on the Indexing and Search tiers of the Splunk environment. Contact Expertise On Demand to if you have any troubles installing Atlas Monitor.

If a suitable metrics index already exists, simply configure the atlas_monitor_index macro in Monitor's Configuration page on your search tier to use it.

Otherwise, follow these steps to create the index, and then configure the macro.

1. Download the Atlas Monitor Technical Add-on (TA) from the Service Now Portal. It is found next to all other packages

2. Create a local directory and use the indexes.conf from the default directory as guidance for writing an index definition that aligns with the paths you use on your indexers.

3. Using standard practices, install the TA on the Indexers in the Splunk environment.

4. Make a copy of the Monitor TA and edit the local indexes.conf to adjust the paths if they are different on your search heads. Some customers will need to avoid using volume definitions that are defined only on indexers.

5. Using standard practices, install the TA on the Search Heads in the Splunk environment.

6. Ensure that Monitor is installed on the Search tier of the Splunk environment.