In addition to the ThoughtSpot monitoring and security features, some companies require specific additional third-party software to comply with their internal IT policies. This allows them to support all of their systems with a common set of security and management tools.
For example, you may wish to accomplish some security and monitoring tasks with your own third-party software. These tasks include things like pushing alerts, events, forensics, audit trails, insights, etc. from ThoughtSpot to your own local monitoring systems.
Supported third-party software
ThoughtSpot supports installation of the following third-party software on the ThoughtSpot instance:
- Qualys
- Qualys is a widely used technical vulnerabilities and security compliance scanning tool. For more information about Qualys, see the Qualys documentation.
- SNMP (Simple Network Management Protocol)
- SNMP is an industry standard protocol used for monitoring network traffic and alert events.
- Splunk
- You can install Splunk rsyslog and use it to forward ThoughtSpot logs to Splunk. For more information about Splunk, see the Splunk documentation.
Install third-party software
For details on how to install third-party software, see: Installing third-party security and monitoring software
What is not supported
When installing and configuring third-party software on a ThoughtSpot cluster, follow the following guidelines to avoid interfering with cluster operations:
- Avoid making any direct changes to any files outside of the /home directory.
- Do not remove existing SSH keys or authorized keys from /home/admin/.ssh
- Excessive resource usage, e.g. CPU, disk, memory, processes, etc.
- Killing any system or ThoughtSpot services, or causing node reboots.
Do not change any system wide configuration which may affect ThoughtSpot, such as:
- Network, e.g. IP addresses, DNS resolution
- Storage, e.g. removing existing mount points, removing drives
- Security, e.g. selinux
Qualys
Qualys is supported for scanning of ThoughtSpot clusters for security vulnerabilities.
SNMP Traps
ThoughtSpot has a built-in alerting service that can also be used to send SNMP traps. Many third-party monitoring systems share the common standard of using SNMP traps, and you can take advantage of those capabilities with ThoughtSpot.
ThoughtSpot supports SNMP for read only. So for example, you can read the IP address of the cluster, but not change it using SNMP.
See the Alert code reference for details.
Splunk rsyslog
ThoughtSpot monitoring and alerting logs are written to standard locations in the file system. This allows you to use rsyslog to collect them and send them to Splunk.
Here are some links to help you learn where various logs are written in ThoughtSpot: