Deploy to Splunk Cloud

Splunk Cloud compatibility and limitations

The Metricator application stack has not yet been vetted to Splunk Cloud, but this process is currently on going.

In a nutshell, the “metricator-for-splunk” will be deployed to your ad-hoc search head and the “SA-metricator-for-nmon” will be deployed by Splunk Cloud operations to your indexers stack.

To achieve this, submit a ticket to Splunk Cloud Ops to request the deployment of the Support Addon. (which gets deployed to the cluster master and then pushed to the indexers)

Then the application must be deployed on the Splunk Cloud search head, when an application has been vetted for Cloud Ops, this can be done as a self-service. (Otherwise submit the request to Cloud Ops teams)

Finally, you will use your own on premise tools to push and deploy the “TA-metricator-for-nmon” to your servers, which can send either directly to your Splunk Cloud indexers (recommended) or your on-prem intermediate forwarders.

Splunk Cloud deployment matrix

Splunk Cloud components:

Splunk roles

metricator-for-nmon

SA-metricator-for-nmon

TA-metricator-*

Search head

X

Indexer

X

The Support Add-on does not generate any collection, but defines the replicated nmon index and contains index time configuration settings.

If running ITSI, the ITSI module must be deployed on all premiump apps search running ITSI:

Splunk roles

DA-ITSI-METRICATOR-NMON

ITSI Search head(s)

X

On premise components: (you may not have all these roles on-premise depending on your configuration)

Splunk roles

metricator-for-nmon

SA-metricator-for-nmon

TA-metricator-*

Search head

X

X (optional)

Indexer

X

X (optional)

Master node

X (optional)

Deployment server

Conditional

Conditional

Heavy Forwarder

Conditional

Conditional

Universal Forwarder

X

The Technology Add-ons provide metrics and configuration collection for the host than runs the add-on, which is optional.

The Support Add-on does not generate any collection, but defines the replicated nmon index and contains index time configuration settings.

HTTP Event Collector configuration installation (only for TA-metricator-hec-for-nmon)

If using the Technical Addon for HEC, you need to request the creation of a new HEC token with the following requirements:

  • Source name override: Optional

  • Sourcetype: Automatic

  • Indexes allowed: os-unix-nmon-events, os-unix-nmon-metrics, os-unix-nmon-config

  • Default index: os-unix-nmon-events (unused, could be any of the indexes)

Once the token has been created, you need to provide these information to a local/nmon.conf configuration file:

  • Create a local directory in $SPLUNK_HOME/etc/apps/TA-metricator-hec-for-nmon

  • Copy default/nmon.conf to local/nmon.conf

  • Edit the nmonparser options and ensure to configure the Splunk HEC endpoint URL and the value of your token:

nmonparser_options="--mode fifo --use_fqdn --silent --no_local_log --splunk_http_url https://splunk.mydomain.com:8088/services/collector/event --splunk_http_token insert_your_splunk_http_token --splunk_metrics_index os-unix-nmon-metrics --splunk_events_index os-unix-nmon-events --splunk_config_index os-unix-nmon-config"