Merge pull request #189 from guilhemmarchand/testing

Version 1.2.26

docs/compatibility.rst

@@ -4,14 +4,20 @@ Compatibility
 Splunk compatibility
 ####################
 
-This application is compatible with Splunk 7.2.x and later.
+.. admonition:: Splunk core
+
+    - TrackMe is compatible with Splunk 7.2.x and later.
 
 The previous main branch of TrackMe (V1.1.x) was compatible with Splunk versions starting from Splunk 7.0.x, which changed from 7.2.x due to the usage of the mcollect command.
 
 Splunk Cloud compatibility
 ##########################
 
-**TracMe is vetted for Splunk Cloud deployment.**
+.. admonition:: Splunk Cloud vetting
+
+    - TrackMe is vetted for Splunk Cloud deployments
+    - When a new release is pubished, there can be some time before the last release is vetted
+    - Even if the latest release would not be vetted yet, open a request to Cloud Ops and the vetting process will be achieved
 
 *Splunk Cloud notes:*
 

docs/configuration.rst

@@ -1,19 +1,19 @@
 Configuration
 #############
 
-**Since the version 1.2.6, TrackMe requires the creation of a metric index, or the configuration of the metric index target if you wish to use an existing index:**
+.. hint:: Since TrackMe 1.2.6, the application requires the creation of a metric index
 
 .. image:: img/configure_ui_metrics_idx.png
    :alt: configure_ui_metrics_idx.png
    :align: center
 
-**Since the version 1.2.4, TrackMe requires the creation of a summary index, or the configuration of the summary index target if you wish to use an existing index:**
+.. hint:: Since TrackMe 1.2.4, the application requires the creation of an event index
 
 .. image:: img/configure_ui_summary_idx.png
    :alt: configure_ui_summary_idx.png
    :align: center
 
-**All main configuration items are macro based, which are exposed in the configuration UI:**
+.. tip:: In TrackMe, all main items are macro based such that these can be customised if required, an easy access is provided via the configuration UI
 
 .. image:: img/configure_ui.png
    :alt: configure_ui.png
@@ -22,12 +22,14 @@ Configuration
 Tags enrichment macro definitions
 =================================
 
+.. admonition:: Tags enrichment feature
+
+   Tags enrichment is made available when investigating a data or metric host within the user interface, to provide valuable context and get benefit from assets information available in the Splunk deployment.
+
 .. image:: img/macro_tags.png
    :alt: macro_tags.png
    :align: center
 
-**Tags enrichment is made available when investigating a data or metric host within the user interface, to provide valuable context and get benefit from assets information available in the Splunk deployment.**
-
 **Splunk Enterprise Security assets usage:**
 
 If TrackMe is running on the same search head than Enterprise Security and you wish to use its assets knowledge, customize the macro with ```get_asset(data_host)``` for data hosts, and ```get_asset(metric_host)``` for metric hosts.
@@ -124,7 +126,7 @@ Activation of built-in alerts
 
 - TrackMe - Alert on metric host availability
 
-**These alerts are disabled by default, and need to be manually enabled if you wish to use them in your global alerting workflow.**
+.. warning:: These alerts are disabled by default, and need to be manually enabled if you wish to use them in your global alerting workflow.
 
 trackme_admin role for granular access
 ======================================

docs/deployment.rst

@@ -17,7 +17,7 @@ If Splunk search heads are running in Search Head Cluster (SHC), the Splunk appl
 Dependencies
 ============
 
-**Since TrackMe 1.2.0, there are dependencies:**
+.. hint:: Since TrackMe 1.2.0, there are several application dependencies
 
 - Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
 - Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
@@ -26,7 +26,7 @@ Dependencies
 Indexes
 =======
 
-**Since the version 1.2.6 TrackMe requires the creation of an event index and a metric index:**
+.. hint:: Since TrackMe 1.2.0, the application requires the creation of an event index and a metric index
 
 - summary event index defaults to ``trackme_summary``, handled by the macro ``trackme_idx``
 - metric index defaults to ``trackme_metrics``, handled by the macro ``trackme_metrics_idx``

docs/index.rst

@@ -6,17 +6,17 @@
 Welcome to the Splunk TrackMe application documentation
 ========================================================
 
-**The Splunk TrackMe application provides automated monitoring and visibility insight of your data sources availability, with a powerful user interface and workflow for Splunk product owners to detect and alert on failures or abnormal latency:**
+**TrackMe provides automated monitoring and visibility insight of your data sources, with a powerful user interface and workflow for Splunk product owners to detect and alert on lack of availability, abnormal latency, volume outliers detection and quality issues:**
 
 - Discover and store key states information of data sources, data hosts and metric hosts availability
-- Provides a powerful user interface to manage activation states, configuration and quickly trouble availability failure detection
+- Provides a powerful user interface to manage activation states, configuration and quickly identify data availability failures
 - Analyse and detect lack of data and performance lagging of data sources and hosts within your Splunk deployment
 - Behaviour analytic with outlier detection based on machine learning outliers calculations
-- Behaviour analytic with data sampling and event format recognition, monitor and detect anomalies in raw events to detect event format changes or misbehaviour
+- Behaviour analytic with data sampling and event format recognition, monitor and detect anomalies in raw events to detect event format changes or misbehaviour based on builtin rules and extended with your own custom rules
 - Create elastic sources for any kind of custom monitoring requirements based on tstats / raw / mstats / from searches to fullfill any requirements
 - Record and investigate historical changes of statuses, as well as administrators changes (audit flipping and changes)
 - Easy administration via graphical human interface from A to Z
-- No matters the purpose of your Splunk deployment, trackMe will easily become an essential and easy piece of your deployment, and even providing efficient answers to PCI and compliance requirements
+- No matters the purpose of your Splunk deployment, trackMe will become an essential piece of your deployment, providing key value for PCI or compliance requirements
 - Keep things under your control and be the first to know when data is not available, get alerted before your users get back to you!
 
 .. image:: img/screenshots_main/img001.png
@@ -41,13 +41,13 @@ Welcome to the Splunk TrackMe application documentation
 
 **Why this application?**
 
-Splunk administrators and engineers have to spend a good amount of time and energy to on-board new data sources, another data source after another data source.
+Splunk administrators and engineers have to spend a good amount of time and energy to on-board and monitor data sources, which becomes more and more complex and time consuming with the explosion of volume and variety of data.
 
-However, it is very frequent to realise after math that something went wrong, for some reason the sender stopped sending, an upgrade broke a configuration, a network rule was lost…
+However, it is very frequent to realise after math that something went wrong, for some reason the sender stopped sending, an upgrade broke a configuration, a network rule was lost, an unexpected side effect of a change occurred, parsing issues are not detected...
 
-No administrator should be informed of an issue in the data flow by the customer or end users, this is why you need pro-activity and costless availability monitoring.
+No administrator should be informed of an issue in the data flow by the customer or the end users, this is why you need pro-activity, costless and scalable availability monitoring.
 
-with the massive amount of data sources, this becomes easily a painful and time consuming activity, this application aims to drastically help you in these tasks.
+with the massive amount and variety of data sources, this becomes easily a painful and problematic activity, this application aims to drastically help you in these daily tasks.
 
 TrackMe provides a handy user interface associated with an efficient data discovery, state and alerting workflow.
 
@@ -61,12 +61,14 @@ No matters the purpose of your Splunk deployment, trackMe will easily become an
 - PCI and compliance: deliver, alert and action
 - Monitoring and insight visibility about your indexes, sourcetypes, events and metrics
 - General data activity monitoring and detection of Zombie data
+- Continous and automated data quality assessment
 
 Overview:
 =========
 
 .. toctree::
    :maxdepth: 2
+   :caption: Overview
 
    about
    compatibility
@@ -78,6 +80,7 @@ Deployment and configuration:
 
 .. toctree::
    :maxdepth: 2
+   :caption: Deployment and configuration
 
    deployment
    configuration
@@ -87,6 +90,7 @@ User guide:
 
 .. toctree::
    :maxdepth: 2
+   :caption: Usage
 
    userguide
    itsi_integration
@@ -96,13 +100,15 @@ Troubleshoot:
 
 .. toctree::
    :maxdepth: 1
+   :caption: Troubleshoot
 
    FAQ
 
-Versioniong and build history:
-==============================
+Versioning and build history:
+=============================
 
 .. toctree::
    :maxdepth: 1
+   :caption: Versioning
 
    releasenotes.rst

docs/releasenotes.rst

@@ -1,6 +1,25 @@
 Release notes
 #############
 
+Version 1.2.26
+==============
+
+**CAUTION:**
+
+This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:
+
+- Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
+- Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
+- Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
+
+TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
+https://trackme.readthedocs.io/en/latest/configuration.html
+
+- Feature: Issue #186 - Data sampling - during the creation of a custom rule, its scope can now be restricted to a list of specific sourcetypes to dedicate custom rules and avoid rules overlapping issues
+- Feature: Issue #188 - SLA calculation migration from flipping statuses events to current statuses events for reliable results / SLA dashboard improvements / Drilldown from SLA single percentage in TrackMe main UI to SLA dashboard
+- Feature: Issue #190 - UI improvements - provide quick access to data sampling custom rules in the main data sources tab, unify trackers manual run for data sources and hosts in a single button and window
+- Feature: Issue #191 - UI improvements - Load spinner at TrackMe loading stage, Spinner design refresh globally in TrackMe
+
 Version 1.2.25
 ==============