Merge pull request #36 from guilhemmarchand/version_1021

Version 1021

README.md

@@ -17,6 +17,10 @@
 
 ![screenshot2](./docs/img/screenshot2.png)
 
+![screenshot3](./docs/img/screenshot3.png)
+
+![screenshot4](./docs/img/screenshot4.png)
+
 ![incomplete_installation.png](./docs/img/incomplete_installation.png)
 
 ## Why this application?

docs/.static/README

@@ -0,0 +1 @@
+static files

docs/configuration.rst

@@ -1,7 +1,11 @@
 Configuration
 #############
 
-**Very few specific configuration items that are required:**
+**TrackMe does not require any configuration and works out of the box after its installation, however there are some configuration items that can modified up to your needs, jump to the manage and configure tab in the application UI:**
+
+.. image:: img/configure_ui.png
+   :alt: configure_ui.png
+   :align: center
 
 tstats root macro definition
 ============================
@@ -23,8 +27,8 @@ If you are using Splunk 7.3.x or a later version, you can include the reduced bu
     definition = tstats include_reduced_buckets=t
     iseval = 0
 
-Index macro definition
-======================
+Indexers macro definition
+=========================
 
 The builtin views "Ops: Indexes queues" and "Ops: Parsing issues" rely on the usage of the following macro:
 
@@ -56,3 +60,50 @@ This is driven by the following macro definition:
     iseval = 0
 
 If you prefer to have a different format, customise this macro definition.
+
+Whitelisting of indexes
+=======================
+
+The default behaviour of TrackMe is to track data available in all indexes, a macro is used within each tracker which can be modified if you wish to restrict TrackMe to a given list of indexes or any other valid Meta data filter:
+
+::
+
+    # used as the top of the populating searches
+    [trackme_tstats_main_filter]
+    definition = sourcetype!="stash" sourcetype!="*too_small"
+    iseval = 0
+
+Activation of out of the box alerts
+===================================
+
+**TrackMe provides out of the box alerts that be used to deliver alerting when a data source or host reaches a red alert:**
+
+- TrackMe - Alert on data source availability
+
+- TrackMe - Alert on data host availability
+
+**These alerts are disabled by default, and need to be manually enabled if you wish to use them in your global alerting workflow.**
+
+trackme_admin role for granular access
+======================================
+
+**The application contains a builtin role that can be used for granular permissions:**
+
+- trackme_admin
+
+Any user that will be member of this role, or member of a role that is importing this role, will receive the relevant permissions to configure objects such as collections content related to trackMe.
+
+Default priority for data discovery
+===================================
+
+**When a data source or host is discovered by TrackMe, a default value of medium priority is automatically defined via the usage of the following macro:**
+
+- trackme_default_priority
+
+**You can safety customise the macro is you wish to configure a default level of priority by default, which values can be one of the following:**
+
+- low
+- medium
+- high
+
+*Notes: the high value is designed by default to be the highest SLA failure, which should ideally refer to an alert in your ticketing system.*

docs/releasenotes.rst

@@ -1,6 +1,23 @@
 Release notes
 #############
 
+Version 1.0.21
+==============
+
+- feature: Introducing a priority (low/medium/high) concept to ease granular alerting of data sources and hosts
+- feature: Home landing page reviewed to expose data sources and host and any alert, and with high priority in alerts
+- feature: Colored vignette design in modal window to ease investigating statuses
+- feature: Default OOTB alerts now filter on red, and medium (default priority) or high priority entities
+- feature: Improvement of OOTB alerts (outputs by default human readable time stamps for key fields)
+- feature: TrackMe Mobile dashboard for dark theme summary view compatible with Splunk Mobile Experience (Apple TV, Mobile)
+- feature: Improved navigation for unified modification modal windows
+- feature: Drilldown on single forms, defines filtering based on the single form purpose
+- feature: Manage and configure tab in main UI, access to reset collections functions or key macros definition and short cuts
+- fix: data sources that came of scope might loose time context upon time and returned as green state
+- fix: over time, trackers can re-add old entries due to flipping state cross-searches
+- fix: data_host_state icon shown as empty if state=orange due to mismatch in macro eval state icon for data_host
+- fix: trackers should refer to the tstats macro
+
 Version 1.0.20
 ==============
 

docs/userguide.rst

@@ -4,7 +4,7 @@ User guide
 First steps with the application
 ================================
 
-**Open up the application:**
+**Open the application:**
 
 .. image:: img/minilabel.png
    :alt: minilabel.png
@@ -32,7 +32,8 @@ Data sources availability tracking
 **The data sources availability tracking is the first and default active tab in the user interface, it provides:**
 
 - Single form overview of the total number of data sources discovered ("DATA SOURCES")
-- Single form overview of the number of data sources in alert ("DATA SOURCES IN ALERT")
+- Single form overview of the number of data sources in alert ("ANY PRIORITY DATA SOURCES IN ALERT")
+- Single form overview of the number of data sources in alert with an high priority ("HIGH PRIORITY DATA SOURCES IN ALERT")
 - Single form overview of the total number of data sources that are not being monitored ("DATA SOURCES NOT MONITORED")
 - Filters for investigations
 - A dynamic and interactive table representation of the data sources content. (see bellow)
@@ -46,9 +47,10 @@ The data sources state table exposes the information and the state of each data
 - **data_sourcetype:** the name of the sourcetype
 - **last time:** a human readable value of the latest time data was seen for this data source (respectively from limitations of the short and long term trackers time range scopes)
 - **last ingest:** a human readable value of the latest time data was indexed for this data source (respectively from limitations of the short and long term trackers time range scopes)
+- **priority:** a value that describes the priority (low / medium / high) of the data source, to be used for granular alerting purposes
 - **state:** the state of the data source based on the monitoring rules for this data source
 - **data_last_lag_seen:** the latest lag value in seconds seen for that data source
-- **data_last_seen_index:** a human readable value of the latest time data was seen in this index (can be used to monitor on a per index basis rather than on a per sourcetype basis)
+- **last time idx:** a human readable value of the latest time data was seen in this index (can be used to monitor on a per index basis rather than on a per sourcetype basis)
 - **data_last_lag_seen_idx:** the latest lag value in seconds seen for that index (can be used to monitor on a per index basis rather than on a per sourcetype basis)
 - **data_max_lag_allowed:** the maximal value of lag accepted for this data source
 - **monitoring:** the monitoring state of this data source, can be enabled or disabled
@@ -75,7 +77,8 @@ Data hosts availability tracking
 **The data hosts availability tracking is the second available tab in the user interface, it provides:**
 
 - Single form overview of the total number of data hosts discovered ("DATA HOSTS")
-- Single form overview of the number of data hosts in alert ("DATA HOSTS IN ALERT")
+- Single form overview of the number of data hosts in alert ("ANY PRIORITY DATA HOSTS IN ALERT")
+- Single form overview of the number of data hosts in alert with an high priority ("HIGH PRIORITY DATA HOSTS IN ALERT")
 - Single form overview of the total number of data hosts that are not being monitored ("DATA HOSTS NOT MONITORED")
 - Filters for investigations
 - A dynamic and interactive table representation of the data hosts content. (see bellow)
@@ -87,9 +90,10 @@ The data hosts state table exposes the information and the state of each data ho
 - **data_host:** the discovered name of the host
 - **data_index:** the name of the index(es) where resides the data
 - **data_sourcetype:** the name of the sourcetype(s)
-- **last time:** a human readable value of the latest time data was seen for this data source (respectively from limitations of the short and long term trackers time range scopes)
-- **last ingest:** a human readable value of the latest time data was indexed for this data source (respectively from limitations of the short and long term trackers time range scopes)
-- **state:** the state of the data source based on the monitoring rules for this data source
+- **last time:** a human readable value of the latest time data was seen for this data host (respectively from limitations of the short and long term trackers time range scopes)
+- **last ingest:** a human readable value of the latest time data was indexed for this data host(respectively from limitations of the short and long term trackers time range scopes)
+- **priority:** a value that describes the priority (low / medium / high) of the data host, to be used for granular alerting purposes
+- **state:** the state of the data source based on the monitoring rules for this data host
 - **data_last_lag_seen:** the latest lag value in seconds seen for that data source
 - **data_max_lag_allowed:** the maximal value of lag accepted for this data source
 - **monitoring:** the monitoring state of this data source, can be enabled or disabled
@@ -148,6 +152,19 @@ The monitoring state drives different aspects of the restitution within the UI,
    :alt: monitored_state.png
    :align: center
 
+Modifying the priority
+----------------------
+
+.. image:: img/modify_priority.png
+   :alt: modify_priority.png
+   :align: center
+
+**The priority of an object can be modified in the UI via the unified modification window, the following values are valid and available:**
+
+- low
+- medium
+- high
+
 Modifying a data source / data host
 -----------------------------------
 
@@ -371,3 +388,14 @@ Out of the box alerts
 - TrackMe - Alert on data host availability
 
 **The builtin alerts are disabled by default.**
+
+Connected experience dashboard for Splunk Mobile & Apple TV
+===========================================================
+
+**TrackMe provides a connected experience dashboard for Splunk Cloud Gateway, that can be displayed on Mobile applications & Apple TV:**
+
+.. image:: img/connected_dashboard.png
+   :alt: connected_dashboard.png
+   :align: center
+
+This dashboard is exported to the system, to be made available to Splunk Cloud Gateway.

trackme/default/app.conf

@@ -11,9 +11,9 @@ check_for_updates = true
 
 [ui]
 is_visible = 1
-label = TrackMe - Easy data tracking system for Splunk admins
+label = TrackMe
 
 [launcher]
 author = Guilhem Marchand
 description = Easy data tracking system for Splunk admins
-version = 1.0.20
+version = 1.0.21