TrackMe Limited

Discover TrackMe

Start your success journey with TrackMe, your Splunk business will never be the same again.

Splunk Feeds tracking

TrackMe comes with three components designed to monitor and track your Splunk data sources' availability and quality. These components focus on tracking delays and latency, ensuring data quality through an event format recognition engine, and detecting trend anomalies using Machine Learning Outliers.

All about data availability and quality

Regarding Splunk as a platform, regardless of whether it's used for security or other purposes, it's all about the data. Monitoring your Splunk feeds' availability and quality is crucial for success, as it helps you maximize the platform's potential, maintain the highest level of service quality, and safeguard your Splunk investments.

A challenge TrackMe tackles like no other

TrackMe's Splunk feed tracking components address this challenge like no other solution. A comprehensive and feature-rich suite offers the flexibility needed to ensure your feeds are available when expected, with optimal performance and continuous quality control.

Monitor your data from any kind of angle, track latency, delay, quality and more with the Machine Learning Outliers detection

TrackMe provides an array of features designed to continuously monitor the Key Performance Indicators that matter most. Keep an eye on feed delays and latency, detect and alert on unusual trends with Machine Learning Outlier detection, and depend on a consistent and user-friendly workflow to manage alerts and detections – from automated investigations to TrackMe notable events.

Scale at any size

A significant challenge in detecting key conditions for data availability and quality is balancing scalability and cost. TrackMe introduces new dimensions with its Hybrid Trackers, which run concurrently to examine portions of your valuable data. Combined with TrackMe's core concept of Virtual Tenancy, it scales to any size, providing the capabilities to manage costs and performance effectively, from a terabyte-scale Splunk deployment to dozens or more.

Splunk Workload

Efficiently track and manage scheduled report activities and anomalies at scale, identify costly trends, and optimize Splunk workload costs

Discover and maintain scheduled activity

The Workload component identifies scheduled activities within your Splunk deployment, whether local or remote, and continuously monitors their performance and anomalies over time. It detects various conditions such as execution errors, scheduling issues, assignment problems, delayed use case executions, and more.

Get alerted and protect your use cases

Whether you are a Splunk Enterprise Security customer or use Splunk for other purposes, protecting and detecting use case issues is a critical challenge that TrackMe addresses like no other solution. Stay informed of significant problem detections and take action before your business is impacted.

Track search changes and detect associated consequences

TrackMe's Workload component continuously monitors changes in scheduled reports and alerts, associating the current version with an identifier – the version_id. The knowledge object metadata is persistently retained, enabling the association of performance or execution issues with changes in the use cases.

Detect top resources consummers, identify poor quality scheduled and protect your investments

The Workload component offers immense value to Splunk administrators, use case owners, developers, platform owners, and those involved in capacity planning. From detecting issues to continuously monitoring consumer and use case performance, the benefits TrackMe delivers to your daily Splunk operations are substantial, transforming the way you manage your Splunk platform.

TrackMe Flex Object Tracking

TrackMe Flex Object Tracking is the Magic TrackMe component ready for literally any kind of use case, whatever a Splunk search generate can be used as the root of your Flex Tracker, from monitoring Heavy Forwarders modular inputs, to Data Model acceleration or your very own critical business data!

Pre-buit Use Cases

TrackMe provides dozens of pre-built use cases to monitor a variety of products and components, from monitoring Splunk Enterprise clusters, Deployment Servers, KVstores and even third party products such as Cribl Logstream, Splunk SOAR Cloud and On-premise.

Free the SPL genius!

The Flex Object component offers great versatility. Simply define any Splunk search and use the results to establish entities, status, and optionally Key Performance Indicators. TrackMe takes care of the rest, maintaining Flex entities seamlessly.

Flexible beyonds limits

Flex Objects enable monitoring of various use cases, from remote Heavy Forwarder inputs to other applications. They integrate seamlessly into TrackMe's distinctive workflow, tracking status changes, automatically recycling high-performance metrics, utilizing Machine Learning Outliers, employing flipping status and Notables, and more.

When simplicity means efficiency

Combined with TrackMe Virtual Tenants and TrackMe Splunk Remote Deployment features, there is hardly anything you can't achieve with Flex Object Tracking. Green signifies good, red indicates bad, orange represents unknown, and Key Performance Indicators guide you. It certainly sounds like a winning formula!

Splunk Common Information Model compliance tracking

Splunk Common Information Model is a key concept at the root of Splunk Enterprise Security, with the splk-cim TrackMe component, define and apply highly flexible rules to continuously monitor your CIM compliance.

Common Information Model compliance

With the splk-cim TrackMe component, establish and monitor your CIM compliance using a comprehensive and adaptable workflow. From the perspective of a CIM Data Model, create your own rules, which can be further cloned or saved as templates, allowing you to track your parsing compliance at scale.

Highly flexible and reproducible

CIM Trackers are guided by a JSON template that outlines the rules for compliance tracking. A regular expression-based logic calculates the compliance percentage according to your regex rule. The percentage of unknown results is considered as a secondary Key Performance Indicator, validating the compliance level of a given CIM entity.

Integrated within TrackMe’s incident workflow, extended with Machine Learning Outliers, and more.

CIM Trackers automatically generate metrics for each monitored CIM field. These metrics are readily available for investigation purposes and serve as input for TrackMe's Machine Learning Outlier detection engine.

Splunk Remote Deployments

From a single deployment of TrackMe , transparently manage Splunk remote deployments, just as if data was locally searchable.

Define your Remote Deployments

TrackMe incorporates a concept of Remote Splunk accounts, allowing you to define an account by specifying its URL-based access while utilizing a bearer token for secure SSL connectivity. TrackMe's remote search integration also addresses High Availability and Load Balancing concerns. By defining multiple API endpoints, TrackMe will evenly distribute searches among accessible endpoints.

Call any Remote Splunk account anytime, anywhere

When creating a new Virtual Tenant or TrackMe Tracker, you can utilize a previously defined Remote Splunk deployment. TrackMe checks for connectivity and authentication, and once confirmed, you're all set to proceed!

TrackMe translates searches on the fly

When an entity is linked to a Remote Splunk Account, TrackMe seamlessly executes searches using its built-in backend, intelligently dividing tasks between remote and local operations for a transparent user experience.

Handle any search remotely!

Indeed, the Remote Splunk Search capabilities integrated with Virtual Tenants enable TrackMe to serve as a single source of truth. Whether you're an MSP or managing multiple Splunk deployments, this feature unlocks a wealth of powerful possibilities.

TrackMe Virtual Tenants

At the root of TrackMe, create Virtual Tenants to scale, dedicate, experiment and much more!

Create Virtual Tenants as needed

A Virtual Tenant functions like an individual virtual instance of TrackMe, managing the life cycle of its knowledge objects – from creation and enablement to deletion – independently and without affecting other tenants.

Many use cases, many Virtual Tenants!

Each customer is unique, as are their use cases. You can create a Virtual Tenant tailored to specific perimeters, data scopes, or components, and dedicate it to particular teams or purposes.

A story of TrackMe components

When creating a Virtual Tenant, you can choose a TrackMe component, set primary options, and even create Hybrid trackers during the creation phase, depending on the available TrackMe components.

Scaling, with full control

By defining the scope of Virtual Tenants, you gain complete control over what is enabled and how it functions. You can design the purpose and scope of a tenant, allowing for logical and natural scalability management.

Role Based Access Control

Virtual Tenants enable you to manage ownership, administrative, and user access efficiently and effortlessly. They allow you to grant limited access to TrackMe for your teams with ease. All data or metrics generated by TrackMe reference the Tenant ID, making it simple to locate specific information.

Love multi-tenancy at last

TrackMe was designed with multi-tenancy in mind. When creating a Virtual Tenant, you can optionally define the target indexes for TrackMe data and metrics, allowing you to leverage Splunk's RBAC capabilities to control access easily. This feature is seamlessly supported within TrackMe.

Operational status and tenant health

TrackMe carefully monitors the state and health of every active Virtual Tenant, potential tracker failures or misconfigurations are detected, logged and exposed to provide you the greatest visibility.

Experiment, disable, delete, update

TrackMe manages it all for you, from every single object such as Hybrid Trackers or alerts that were created, you can disable a Tenant, or purely delete it and let TrackMe handle the cleaning for you. You can as well re-assign objects, or update RBAC policies accordingly.

User profile preferences

Users can customize their preferences for the Virtual Tenants user interface, such as the position of Virtual Tenants in the grid, their visibility, or behaviors. The Virtual Tenants screen provides immediate insight into the operational statuses of Splunk, fully adapted to your context and preferences.

Hybrid Trackers

Hybrid Trackers are TrackMe integrations designed for scheduled backends, responsible for discovering and maintaining entity statuses and knowledge within TrackMe components.

Create Hybrid Trackers as needed

Hybrid Trackers are scheduled components that you create through a guided and controlled process. They handle essential tasks such as discovering and maintaining the status of TrackMe entities, and are meticulously designed and monitored.

A deep integration in TrackMe to report failures and performance counters

Hybrid Trackers, along with all other forms of TrackMe Trackers, are encapsulated within the application backend logic. They report statuses to a central component, known as the component register, and meticulously log their activity as well as performance indicators.

Hybrid Trackers are centrally managed and parts of a global workflow

TrackMe keeps track of all its components. When you create or delete a Hybrid Tracker, TrackMe records these changes and knows what actions to take if you later decide to delete, disable, or update aspects such as RBAC and ownership.

TrackMe REST API

In TrackMe, everything revolves around API endpoints. In fact, any action that can be performed through the user interface can also be accomplished via a REST API endpoint, allowing for easy execution and automation both within and outside of Splunk.

TrackMe REST API as a whole

TrackMe heavily relies on its comprehensive REST API endpoints to carry out various operations, ranging from creating Virtual Tenants and Hybrid Trackers to managing the product life cycle. Anything you can accomplish in the UI can be done through its REST API!

TrackMe REST API reference

TrackMe simplifies API usage with its auto-discovery and documentation process, clearly presenting all of its API endpoints in an easy-to-understand manner. Examples of usage complement the design, enabling you to make the most of the APIs without writing a single line of code.

TrackMe REST API Splunk wrapper

Included with TrackMe is an SPL custom command that functions as a REST API wrapper. This allows you to utilize REST API endpoints with the convenience and power of the Splunk Processing Language, making the process straightforward and efficient.