Dashboards & Visualizations

Useful dashboards alerts for administrator

shahzadarif
Path Finder

I would like to know what reports / dashboards / alerts you've got setup to monitor the state of your Splunk infrastructure?
Right now I've a dashboard which gives me view of licence usage and log files indexed so I know my indexers are working. But there's nothing for let's say SHs. What search would be useful to give me a view of all my SHs are available for searching?
I should add I don't want to view this information in DMC because this dashboard would be run on a raspberry Pi so it must live on SHs.

Tags (1)
0 Karma

esix_splunk
Splunk Employee
Splunk Employee

If youre not wanting to use the MC, you can easily take the searches out of the MC, and customize them to what you are looking for. The dash boards in the MC are meant to help understand, and to an extent, manage your distributed Splunk environment. There is plenty in there about SH, but your biggest points to monitor would be CPU, RAM, and search concurrency.

Adapting these prebuilt searches out of the MC would be easiest. Aside from this, you could look at the deprecated SoS App (Splunk on Splunk.) However, most of the searches used in that app were all adapted and put into the MC.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...