doc: add documentation about rollover issue (#570)

* doc: add documentation about rollover issue

* doc: fix typos, storage addon

* doc: fix metallb section and add completed inventory pod

docs/bestpractices.md

@@ -71,4 +71,24 @@ worker:
   walkRetryMaxInterval: 60
 ```
 
-With the configuration from the above, walk will retry exponentially until it reaches 60 seconds.
+With the configuration from the above, walk will retry exponentially until it reaches 60 seconds.
+
+### SNMP Rollover
+The Rollover problem is that the integer value that they store (especially when they are 32-bit) is finite, 
+and when it’s reaching the maximum, it gets rolled down to 0 again which causes a strange drop in Analytics data.
+The most common case of this issue is interface speed on a high speed ports. As a solution to this problem, SNMPv2 SMI defined a new object type, counter64, for 64-bit counters ([read more about it](https://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/26007-faq-snmpcounter.html)).
+Not all the devices support it, but if they are - remember to always poll counter64 type OID instead of counter32 one. 
+For example, use `ifHCInOctets` instead of `ifInOctets`.
+
+If 64-bit counter are not supported on your device, you can write own splunk queries that calculate the shift based on
+maximum integer value + current state. The same works for values big enough that they're not fitting 64-bit value.
+An example for a SPLUNK query like that (inteface counter), would be:
+
+```
+| streamstats current=f last(ifInOctets) as p_ifInOctets last(ifOutOctets) as p_ifOutOctets by ifAlias             
+| eval in_delta=(ifInOctets - p_ifInOctets)
+| eval out_delta=(ifOutOctets - p_ifOutOctets)
+| eval max=pow(2,64)
+| eval out = if(out_delta<0,((max+out_delta)*8/(5*60*1000*1000*1000)),(out_delta)*8/(5*60*1000*1000*1000))
+| timechart span=5m avg(in) AS in, avg(out) AS out by ifAlias
+```

docs/gettingstarted/mk8s/k8s-microk8s.md

@@ -53,7 +53,7 @@ The following commands can be issued from any one node in a cluster
 ```bash
 sudo systemctl enable iscsid
 microk8s enable helm3
-microk8s enable storage
+microk8s enable hostpath-storage
 microk8s enable rbac
 microk8s enable metrics-server
 microk8s status --wait-ready
@@ -69,9 +69,9 @@ microk8s status --wait-ready
 
 ## Install Metallb
 
-Note: when installing metallb you will be prompted for one or more IPs to use as entry points
-Into the cluster. If your plan to enable clustering, this IP should not be assigned to the host (floats)
-If you do not plan to cluster, then this IP may be the same IP as the host
+Note: when installing Metallb you will be prompted for one or more IPs to use as entry points
+into the cluster. If your plan to enable clustering, this IP should not be assigned to the host (floats).
+If you do not plan to cluster, then this IP should be the IP of your host.
 
 Note2: a single IP in cidr format is x.x.x.x/32 use CIDR or range syntax for single server installations this can be
 the same as the primary ip.

docs/gettingstarted/sc4snmp-installation.md

@@ -176,6 +176,7 @@ snmp-mibserver-7f879c5b7c-hz9tz                               1/1     Running
 snmp-mongodb-869cc8586f-vvr9f                                 2/2     Running   0          133m
 snmp-redis-master-0                                           1/1     Running   0          133m
 snmp-splunk-connect-for-snmp-trap-78759bfc8b-79m6d            1/1     Running   0          99m
+snmp-splunk-connect-for-snmp-inventory-mjccw                  0/1     Completed 0          6s
 ```
 
 ### Test SNMP Traps

docs/gettingstarted/splunk-requirements.md

@@ -18,11 +18,11 @@ reference it in `values.yaml` file later on.
 Parameters and the instruction on how to do it is here: [SC4SNMP Parameters](sc4snmp-installation.md#configure-splunk-enterprise-or-splunk-cloud-connection)
 
 
-3. Create or obtain a new Splunk HTTP Event Collector token and the correct HTTPS endpoint.
-4. Verify the token using [curl](https://docs.splunk.com/Documentation/Splunk/8.1.3/Data/FormateventsforHTTPEventCollector) Note: The endpoint must use a publicly trusted certificate authority.
+2. Create or obtain a new Splunk HTTP Event Collector token and the correct HTTPS endpoint.
+3. Verify the token using [curl](https://docs.splunk.com/Documentation/Splunk/8.1.3/Data/FormateventsforHTTPEventCollector) Note: The endpoint must use a publicly trusted certificate authority.
 
-5. The SHARED IP address to be used for SNMP Traps. Note Simple and POC deployments will use the same IP as the host server. If HA deployment will be used, the IP must be in addition to the management interface of each cluster member.
-6. Obtain the IP address of an internal DNS server that can resolve the Splunk Endpoint.
+4. The SHARED IP address to be used for SNMP Traps. Note Simple and POC deployments will use the same IP as the host server. If HA deployment will be used, the IP must be in addition to the management interface of each cluster member.
+5. Obtain the IP address of an internal DNS server that can resolve the Splunk Endpoint.
 
 ### Requirements (Splunk Infrastructure Monitoring)