
 

Splunk Lantern

Inventory data

 

Inventory data refers to the static or descriptive information about hardware and software assets that make up an organization’s IT infrastructure. This type of data typically includes details about the configuration, specifications, relationships, and attributes of hardware devices, virtual machines, operating systems, storage systems, networks, and software applications. It also defines how components are connected, for example, which VMs are hosted on a specific server, or which applications rely on a particular database.

Unlike dynamic or operational data (for example, performance metrics, logs, real-time usage data), inventory data remains relatively static and serves as a foundational reference for managing, documenting, and analyzing IT environments. It acts as a baseline for operations teams to manage and troubleshoot IT systems. It is also crucial for inventory management, capacity planning, compliance audits, and overall IT governance.

Inventory data typically includes:

  • Hardware asset details: Manufacturer, model, CPU, RAM, storage, physical location, and serial number
  • Network devices: Device type, ports, firmware version, IP address, role, and physical location
  • Virtual machines (VMs): Name, operating system, vCPUs, RAM, disk, hypervisor, associated host, and role
  • Cloud instances: Provider, instance ID, instance type, region, attached storage, and tags
  • Storage systems:
    • Local: Device type, total capacity, RAID level, vendor, and connection type
    • Cloud: Bucket name, provider, storage class, region, and encryption
  • Software and application details:
    • Operating systems: Name, license key, patch level, and install date
    • Enterprise applications: Application name, version, role, and dependencies
  • Network infrastructure data:
    • Static network configurations: Subnet, gateway, DNS servers, and VLAN
    • Firewall rules: Rule name, source IP, destination IP, protocol, and port  
  • Endpoint devices: Asset tag, operating system, specifications, assigned user, and location
  • Security devices and configurations: Firewall appliances and interfaces (WAN, LAN)
  • Databases: Name, type, version, storage, and users and roles
  • Software licensing and subscriptions: Vendor, product, license type, expiration date, and number of seats
  • Virtualization and containerization: Hypervisor, cluster name, virtual machines, container platform, cluster size, and node details (name, CPU, and memory)

The Splunk Common Information Model (CIM) add-on contains an Inventory data model with fields that describe common computer infrastructure components from any data source, along with network infrastructure inventory and topology. You might also be interested in performance data.

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: 
