Hi guys,
Does anyone have any advice on what would be a good search to carry out on local performance data. I am trying to create some sort of dashboard that shows the performance of my local machine and not sure what I could be searching for to put in the dashboard. If anyone has any advice on what I could search for please let me know.
Thank You
Yes, it's possible and people do it every day.
Once you have data coming into Splunk you need to search for it. Open the Search & Reporting app and look for the performance data you selected. Choose a single metric to see how it changed over time. Then click on the Visualization tab to graph those results. Finally, once you have something you like, click Save As in the top-right corner and choose "Dashboard panel" to save your graph in a dashboard.
See https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html for more information.
The best searches are the ones most meaningful to you/your business. If you've had performance problems in the past then create a search that identifies that problem (or whatever precedes it). Don't waste resources searches for things that don't matter (to you).
I understand what you mean. Its more just for demonstration purposes I don't think there is anything wrong with my local machine. What I mean is like what would be the most important things you would put on the dashboard to display. For example what would be the best types of logs to use if you get what I mean. I am trying to make sound not as confusing haha, let me know if this makes sense.
If it's just for demo purposes then any metric should do. Try to pick one that looks "interesting" in a graph, like CPU busy or network I/O rate.
ahh right okay I get you. It is getting that information onto a dashboard I am unsure about doing. What I have been doing is selecting the input data button and then selecting monitoring, from there Ii would click on the local performance button and I get a bunch of information such as the image below.
Is it possible to get the data in the image onto a dashboard ? this is where the confusion is.
Yes, it's possible and people do it every day.
Once you have data coming into Splunk you need to search for it. Open the Search & Reporting app and look for the performance data you selected. Choose a single metric to see how it changed over time. Then click on the Visualization tab to graph those results. Finally, once you have something you like, click Save As in the top-right corner and choose "Dashboard panel" to save your graph in a dashboard.
See https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html for more information.
I think I have figured it out, is it that simple that I would just go to the search and reporting app and for example type in CPU and that would give me all the info about the CPU ?
It is not that simple, but that is one place to begin. The free course at the link in my previous reply should help.
Its all good finally figured it out after searching through youtube. Managed to make a decent dashboard below.
Thanks for all the help