This repo contains all of the configuration necessary to quickly deploy a working set of GDI, visualization, and alerting configurations for Splunk Infrastructure Monitoring and Troubleshooting that aligns with our customers' most commonly requested use cases and the use cases we have outlined in the IMT Autobahn.
This section covers the steps that should be completed before this app can be configured and used. The steps and processes for these tasks are well documented elsewhere.
- Deploy UF to desired hosts correctly configured to "phone home" to Splunk deployment server
- Deploy SA to desired hosts (validate presence of basic host metrics in SIM)
- Configure UF (via outputs.conf) to send data to Splunk as expected (validate internal logs from UF)
- Configure SA with base agent.yaml from this repo (re-validate presence of basic host metrics)
- Ensure $SPLUNK_HOME is present and accurate on all Splunk instances (including UFs)
- Deploy configs to deployment server
- Deploy configs to indexers
- Deploy configs to SH
- Configure SIM TA with correct realm and token
- Run SIM terraform
- TODO configure SIM org ID into Splunk IMT Quick Start App
- TODO deployment server stuff
- Navigate to Splunk IMT Quick Start app on SH
- Review use cases and procedures and click to view implementation
- Customize as appropriate for proof