A high performance ICMP input that uses icmplib. Designed for high volume concurrent testing, and utilizes a CSV file for targets. Data written with minimal raw size (license usage), and utilizes indexed extractions for maximum performance with tstats.
OS configuration may be required to run without root, see https://github.com/ValentinBELYN/icmplib/blob/main/docs/6-use-icmplib-without-privileges.md
This modular input is NOT Splunk Cloud compatible. You should only install this app on your Splunk Cloud Search Heads for the knowledge objects.
Use the sourcetype icmp:metric for metric indexes.
Helpful Tips:
When packets_sent=0 there was an issue preventing the ICMP being sent. Check the source field and _internal logs
When packets_received=0 the target is down
Updated Splunklib
Small improvments
Fix bug where DNS failures caused entire input to fail. Results are now written as tests are completed.
Fixed Metric sourcetype and added custom output format.
Improved data format
Fixed bug with IPv6 by removing traffic class options.
Initial Public Release
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.