Version 1.2.28

• Feature Issue #201 - Elastic Sources - Support for lookup tracking with from commands
• Feature Issue #202 - Elastic Sources - Support for remote searches using rest
• Fix Issue #203 - Provides a macro based definition for first level span of Metrics trackers
• Change: Upgrade of splunklib Python SDK to latest release 1.6.14

Version 1.2.27

CAUTION:

This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:

• Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
• Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
• Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120

TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
https://trackme.readthedocs.io/en/latest/configuration.html

Major improvements in data host monitoring capabilities:

• Feature: Data hosts - monitoring workflow improvement with alerting policy, monitor hosts with sourcetype level granularity at scale
• Feature: Lagging classes - policies can now be defined against the priority (data sources only), in addition policies can be set for all objects, data sources or hosts only
• Feature: Better management of allow lists / blocking lists for data hosts monitoring
• Feature: Data hosts and metric hosts rendering improvements in multi-value field structure with state rendered as emoji icons for better readability
• Change: Data hosts monitoring uses same default lagging than data sources (3600 sec)

Data sources changes:

• Feature: Issue #196 Data sources - Provides distinct count threshold capabilities to turn a data source red if the number of hosts goes beyond a static threshold, provides chart visibility in Overview screen of the data source

Others:

• Fix: Issue #193 - data hosts - the refresh button does not refresh the host screen header (priority, etc) #193
• Fix: Issue #198 - Elastic Sources - When creating a from based source, if there are no additional search constraints after the data model name, no results will be returned
• Fix: Issue #199 - Data sampling - some builtin rules are too restrictive regarding multiple spaces
• Change: Increase max height for timeline chart in Status message tab (current max height might be too low when multiple statuses)

Version 1.2.26

• Feature: Issue #186 - Data sampling - during the creation of a custom rule, its scope can now be restricted to a list of specific sourcetypes to dedicate custom rules and avoid rules overlapping issues
• Feature: Issue #188 - SLA calculation migration from flipping statuses events to current statuses events for reliable results / SLA dashboard improvements / Drilldown from SLA single percentage in TrackMe main UI to SLA dashboard
• Feature: Issue #190 - UI improvements - provide quick access to data sampling custom rules in the main data sources tab, unify trackers manual run for data sources and hosts in a single button and window
• Feature: Issue #191 - UI improvements - Load spinner at TrackMe loading stage, Spinner design refresh globally in TrackMe

Version 1.2.25

• Feature: Issue #181 - Disable data sampling on demande via the UI #181
• Fix: Issue #180 - Outliers detection impacts offline data such as low frequency batched data sources #180
• Fix: Issue #182 - Data sampling - Manual run, Clear state and run sampling UI period constraint is too short for cold data sources #182
• FIx: Issue #183 - Data Sampling - number of entities to process calculation can lead to no entities being processes #183

Version 1.2.24

CAUTION:

This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:

• Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
• Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
• Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120

TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
https://trackme.readthedocs.io/en/latest/configuration.html

• Feature: Issue #153 - For ITSI and timeline integration purposes, generate and store last states information as summary events #153
• Feature: Issue #141 - Enhancement - ability to search for hosts in Data Hosts Tracking by Logical Group Name #141
• Feature: Issue #148 - Enhancement: Allow 'NOT' filter for Keyword filter name: #148
• Feature: Issue #166 - Enhancement - Provides a UI feature to allow reseting the list of metrics known for a given metric host
• Feature: Issue #174 - Enhancement - Adding the timeline viz view in the status tabs #174
• Fix: Issue #147 / Issue #161 Outliers management and configuration - fixes and improvements
• Fix: Issue #167 - Issue - Pressing "Manage: manual tags" displays dialog with ALL tags in "List of current tags for this data source" field #167
• Fix: Issue #170 - install_source_checksum should not be in app.conf (appinspect warning) #170

Version 1.2.23

• Fix: Exclusion of metrics generated by TrackMe itself would exclude other metrics generated on the same search head
• Fix: Issue #151 - error handling does not catch a failure during the creation of a new elastic source #151
• Fix: Issue #154 - Splunk Cloud vetting - capability in role will not be be granted #154
• Fix: Issue #155 - Splunk Cloud - In some specific contexts, Elastic source dedicated tracker creation fails #155

Version 1.2.22

CAUTION:

This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:

• Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
• Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890

TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
https://trackme.readthedocs.io/en/latest/configuration.html

• Feature: Extending the Tags features with tags policies, this feature provides a workflow to automatically define tags using regular expressions rules matching the data_name value and its naming convention
• Feature: Improved views for Ops queues (renamed to Ops: Queues center) and Ops parsing, multi hosts selector, improved analytics
• Fix: Issue #131 - The enable data source action does not preserve the current value of data_lag_alert_kpis in the collection, which ends as a null value
• Fix: Issue #138 - Typo in the metrics screen, Metrics categories was mispelled
• Fix: Issue #139 - TrackMe metrics should be excluded out of the box from the metrics tracking
• Fix: Issue #142 - Disabing Acknowledment is broken due to the add comment feature introduction
• Fix: Issue #144 - Ack disable should use the comment for update if any #144
• Change: Include the priority value when generating the flipping status summary events
• Change: Do not load the raw_sample field when during the execution of data sources tracker execution for optimization purposes

Version 1.2.21

CAUTION:

This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:

• Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
• Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890

TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
https://trackme.readthedocs.io/en/latest/configuration.html

• Feature: Introducing a new very hot feature! Data sampling and event format recognition is a new workflow that allows monitoring the event formats behaviour by processing automated sampling of the data sources and monitoring their behaviour over time, builtin rules are provided and can be extended with custom rules to handle any custom data format
• Feature: Introducing the new tags capability, you can now add tags to data sources, tags are keywords which can be set per data source to provide new filtering capabilities
• Fix: When using a custom Splunk URI path (root_endpoint in web.conf), internal calls to splunkd made the UI can fail if splunkd does not accept the root context and only accepts the custom root context
• Fix: When creating new dedicated elastic sources, if the search result name exceeds 100 characters, this results in a silent failure to create the new source
• Fix: Shorten default naming convention used for new Elastic Sources tracker names
• Fix: Limitation of the list function used in stats limits the number for Elastic shared data sources to 99 sources maximum, fixed by alternative improved syntax
• Fix: For Elastic shared sources, if the first source is a raw search, the addition of the "search" key word in the first pipeline fails under some conditions
• Change: Automatically join the acknowledgement comment in the acknowledgement screen
• Change: Time to live definition for scheduled reports (dispatch.ttl) to reduce overhead in the dispatch directory
• Change: Automatically affect a 1 minute time window when creating Elastic dedicated trackers

Version 1.2.19

• Feature: Improved rendering of the ingestion lag and event lag metrics for data sources and hosts modal windows (new single for event lag, automatically converted to a duration format)
• Feature: over KPI alerting option, this new feature allows for data sources and data hosts entities to choose which KPI to be alerting against, between all KPIS, lag ingestion KPI only or lag event KPI only.
• Feature: Improved look and feel of modal windows with a header color scheme based on the action performed
• Fix: In table checkbox CSS code fix to get square shape instead of a rectangle
• Fix: In auto lagging definition modal windows, the current modal window should be hidden automatically when the action is executed
• Fix: Minor fix of input forms spacing in the main UI related to the keyword search text input box
• Fix: Alignment of header separator issues with Firefox for the main modal Windows
• Change: Remove data_index and data_sourcetype in the table output for data sources as the data_name field itself summarises these information

Version 1.2.20

CAUTION:

This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:

• Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
• Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890

TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
https://trackme.readthedocs.io/en/latest/configuration.html

• Fix: getlistdef.py custom command fails with a Python decode error if running in a Python3 only instance
• Fix: Allowlist / Blacklist and similar deletion checkbox may fail to refresh the window content properly upon record(s) deletion
• Change: UI rendering improvements
• Fix: For metric hosts, logical group mapping generates false positive status flipping events, blue hosts should not appear in single count of hosts in alert, refresh button should respect the current blue status
• Fix: For data hosts, logical group mapping (blue hosts) should not appear in single count of hosts in alert, refresh button should respect the current blue status