Deslicer Observer API & Automation Platform
Splunk host discovery, configuration management, compliance auditing, fleet insights, and change plans with human-in-the-loop approvals
Deslicer Observer connects agents to your Splunk deployment for host inventory, configuration management, compliance auditing, and change plan execution with approval workflows. The Deslicer Automation Platform (DAP) dashboard provides a visual interface for fleet management, security compliance, and deployment planning.
Capabilities
Observer API exposes 79 tools across these categories:
Host Discovery
- List and filter Splunk hosts (search heads, indexers, forwarders, deployment servers)
- View host details, roles, and status
- Inventory across your deployment
Configuration Management
- Read and search Splunk configurations across hosts
- Compare configs between hosts
- Template-based configuration
Change Plans
- Create change plans that describe what configs to add, modify, or remove
- Human-in-the-loop approval workflow — changes require explicit approval before execution
- Dry-run previews to see what a plan would change before approving
- Apply changes after approval
- Rollback support
Reconciliation
- Generate reconciliation reports — compare desired state vs. actual state
- Identify configuration drift across your deployment
DAP Dashboard
The Deslicer Automation Platform (DAP) dashboard is accessible from the sidebar under Automation. It provides a visual interface for managing your Splunk fleet connected via Observer.
Fleet Insights
The Insights page shows an overview of your Splunk fleet at a glance:
- Node status — total, online, stale, and offline host counts
- Splunk versions — distribution of Splunk versions across your fleet
- Cluster health — replication factor status, maintenance mode, rolling restarts, bundle issues, and SHC readiness
- Certificate alerts — expired, critical, warning, advisory, and healthy certificate counts
- App and config inventory — total apps and configuration items across all hosts
- Compliance posture — a summary card showing your overall compliance percentage, pass/fail/missing rule counts, and a link to the full audit
Inputs Insights
The Inputs page provides a cross-host inventory of data inputs configured across your Splunk deployment:
- Browse all inputs.conf entries grouped by host
- Filter by input type (monitor, scripted, HTTP, UDP, TCP, modular), app name, config layer (default, local, system), and enabled/disabled status
- Search across input sections and file paths
- Expand individual entries to view properties like index, sourcetype, and monitoring settings
- Identify which apps and configuration layers define each input
Security Compliance
The Security insights page runs compliance audits against your Splunk deployment using baseline profiles:
- Baseline profiles — versioned rule sets that define expected configurations for each Splunk role (search head, indexer, forwarder, deployment server)
- Compliance scoring — each host receives a compliance percentage based on rules that pass, fail, or are missing
- Violation details — drill into individual findings with severity levels (critical, warning, info), affected settings, expected vs. actual values, and remediation guidance
- Trend tracking — view compliance over time with trend charts showing historical audit snapshots
- Remediation plans — create change plans directly from compliance violations to fix non-compliant configurations
- CSV export — download compliance findings as a CSV file for offline analysis or reporting
Change Plans
The Plans page manages deployment change plans:
- Plan overview — view all pending, approved, rejected, and executed plans
- Plan detail — inspect individual change items, see which configurations will be added, modified, or removed on each target host
- Dry-run preview — simulate a plan's changes before approval to verify the expected diff
- Approval workflow — approve or reject plans with comments; destructive changes are flagged with warnings
- Execution tracking — monitor plan execution progress in real time with per-host status updates
Used By
- Automation Platform — the DAP dashboard uses Observer API for fleet management, node enrollment, change plans, and insights
- Splunk App Deployment Agent — primary consumer for enterprise app management
- GDI Onboarding Agent — optional integration for deploying generated configs
Setup
Observer API is configured per environment. You can provision it directly from the Automation Platform Settings page in the dashboard. Available on Enterprise plans.