Splunk Enterprise

what are good searches for performance logs

rcon313
Explorer

Hi guys,

Does anyone have any advice on what would be a good search to carry out on local performance data? I am trying to create some sort of dashboard that shows the performance of my local machine and am not sure what I could be searching for to put in the dashboard. If anyone has any advice on what I could search for, please let me know.

 

Thank You 


richgalloway
SplunkTrust

The best searches are the ones most meaningful to you/your business.  If you've had performance problems in the past then create a search that identifies that problem (or whatever precedes it).  Don't waste resources searching for things that don't matter (to you).

---
If this reply helps you, Karma would be appreciated.

rcon313
Explorer

I understand what you mean. It's more just for demonstration purposes; I don't think there is anything wrong with my local machine. What I mean is, what would be the most important things you would put on the dashboard to display? For example, what would be the best types of logs to use, if you get what I mean? I am trying to make it sound not as confusing haha, let me know if this makes sense.


richgalloway
SplunkTrust

If it's just for demo purposes then any metric should do.  Try to pick one that looks "interesting" in a graph, like CPU busy or network I/O rate.


rcon313
Explorer

Ahh right, okay, I get you. It is getting that information onto a dashboard I am unsure about doing. What I have been doing is selecting the input data button and then selecting monitoring; from there I would click on the local performance button and I get a bunch of information such as the image below.

 

rcon313_0-1633114676996.png

 

Is it possible to get the data in the image onto a dashboard? This is where the confusion is.


richgalloway
SplunkTrust

Yes, it's possible and people do it every day.

Once you have data coming into Splunk you need to search for it.  Open the Search & Reporting app and look for the performance data you selected.  Choose a single metric to see how it changed over time.  Then click on the Visualization tab to graph those results.  Finally, once you have something you like, click Save As in the top-right corner and choose "Dashboard panel" to save your graph in a dashboard.

See https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html for more information.


rcon313
Explorer

I think I have figured it out. Is it that simple that I would just go to the Search & Reporting app and, for example, type in CPU and that would give me all the info about the CPU?


richgalloway
SplunkTrust

It is not that simple, but that is one place to begin.  The free course at the link in my previous reply should help.


rcon313
Explorer

It's all good, finally figured it out after searching through YouTube. Managed to make a decent dashboard below.

rcon313_0-1633134076018.png

Thanks for all the help
