Disable default search metrics #39068
Conversation
shalper2
force-pushed
the
disable-default-search-metrics
branch
from
ee0256a to
761eebf
Compare
| @@ -20,6 +20,8 @@ jobs. | |||
|
|
|||
| ## Configuration | |||
|
|
|||
| By default the Splunk Enterprise receiver is not configured to gather any metrics (i.e. there are no metrics enabled by default). | |||
There was a problem hiding this comment.
Maybe bold this? This is going to get asked about because reading is hard :(
shalper2
force-pushed
the
disable-default-search-metrics
branch
from
761eebf to
ced2562
Compare
There was a problem hiding this comment.
Approved, thanks for getting this in Sam! I know that one Prometheus test we can't control pass/fail.
@michael-burt for awareness also
There was a problem hiding this comment.
One question (that can be a follow up PR) - the scrapeSearchArtifacts scrape function appears to run its search whether or not the metrics are enabled, and only record them if enabled. I'm not familiar enough with splunk enterprise to know if that would be a concern.
| component: splunkenterprisereceiver | ||
|
|
||
| # A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). | ||
| note: "disabled default metrics to prevent unexpected Splunk enterprise behavior" |
There was a problem hiding this comment.
| note: "disabled default metrics to prevent unexpected Splunk enterprise behavior" | |
| note: "disabled all metrics other than splunk.health by default to ensure all searches run on Splunk enterprise are opt-in" |
There was a problem hiding this comment.
I think the existing language is a little confusing, I've offered an alternative but feel free to iterate or keep it the same if you feel strongly.
There was a problem hiding this comment.
this is a good callout -- was trying to be brief but maybe was a little too brief
This is a good call out @dehaansa. We should fix this, however it is important to note that scrapeSearchArtifacts is not firing off searches, it is calling the REST API. |
dehaansa
added
ready to merge
|
Oops - went and confirmed the codeowners list and realized that the gang's all here 👍 . Marked ready for merge. |
oh shoot great catch Sam. Let me fix this before merging. Like @michael-burt pointed out it shouldn't have too much of an impact but I think that if something is disabled a user should expect it to behave like its not there. |
shalper2
force-pushed
the
disable-default-search-metrics
branch
from
ced2562 to
ddfae9d
Compare
#### Description Removing default metrics (i.e. setting all metrics to `enabled: false`). This is primarily to prevent unwanted ad-hoc searches from running on Splunk Enterprise deployments which could have unforeseen side effects. #### Documentation The `README.md` was updated to reflect these changes.
#### Description Removing default metrics (i.e. setting all metrics to `enabled: false`). This is primarily to prevent unwanted ad-hoc searches from running on Splunk Enterprise deployments which could have unforeseen side effects. #### Documentation The `README.md` was updated to reflect these changes.
Description
Removing default metrics (i.e. setting all metrics to
enabled: false). This is primarily to prevent unwanted ad-hoc searches from running on Splunk Enterprise deployments which could have unforeseen side effects.Documentation
The
README.mdwas updated to reflect these changes.