The Layer8Insight App for Splunk and the Layer8Insight Indexer App for Splunk have been updated to version 1.3.1 and are posted on Splunkbase. This release adds support for the new JSON formats and includes many new features and improvements.
Layer8Insight Indexer App for Splunk, version 1.3.1
- Updated logo
Support for HTTP Event Collector and new JSON format that includes Splunk metadata fields
Support for generic JSON format of Layer8Insight agent data
Updated the default truncation limit to 10,000 characters
- Removed default index and input specifications (indexes.conf and inputs.conf, respectively) per the Splunk App certification requirements
- This change requires administrators to copy existing settings prior to applying the updated app
- The suggested procedure is to copy/merge anything in indexes.conf and inputs.conf under the Layer8Insight apps into the equivalent files in the system folder "$SPLUNK_ROOT/etc/system/local". See included README.md in the app for more details.
Layer8Insight App for Splunk, version 1.3.1
- Updated logo
- Added support for Layer8Insight agent data and the new JSON formats
- New dashboards
- Application Activity metric analysis dashboard
- Application Wait Time metric analysis dashboard
- Application UX Alert dashboard
- Activity Search drilldown dashboard
Updated Client UX Drilldown dashboards to offer a persistent drilldown toggle
Cleaned up and organized features of the Logon and Web Loading dashboards
Added lookup to store the names of hosts with concerning application wait time events
Improved application wait time alert calculation performance and updated it to use the new lookup file.
Added Domain, Host and User input filters to many dashboards
- Added a macro, savedsearch, and value on the Home dashboard that reports on unexpected field value events
- Removed row of daily metrics from the UX Summary dashboard
- Changed axes on Impacted Users chart of the UX Summary dashboard
- Overhaul of internal commands to improve performance
- Changed "valid_userdata" search-time field to no longer rely on "session_type" field
- Updated transactional timeline and Gantt searches to increase their default event limits
- Cleaned up handling of maximum values in Logon Delay and Web Loading metric analysis dashboards in the drilldown section
- Fixed CSS issue on Client UX and Gantt dashboard
- Cleaned up drilldown mechanism on Version Details dashboard
- Single Value panels will not have color indicators in Splunk Enterprise 6.2.X
- In Splunk 6.5.0 and 6.5.1, dashboard inputs inside of panels automatically load changes before clicking Submit. This is a bug in Splunk, not our app. This was fixed in Splunk 6.5.2.