Dashboards & Visualizations

index access and usage statistics / report / dashboard

damucka
Builder

Hello,

I am looking for a way to report on the usage of my index(es), the best of course in a graphically attractive way if possible.

I would be interested in the following KPIs:
- user accesses to the index, per user per time span
- alerts triggered per day - this can be general per my App
- indexed data growth per day per index, or even sourcetype
.. perhaps some other KPIs.

Is there any app that would do this for me? Or perhaps a set of useful SPLs?

Kind Regards,

Kamil

Tags (1)
0 Karma
1 Solution

adonio
Ultra Champion

there are tons of answers in this portal around an of the topics you are looking for.
do you have access to _internal or _audit indexes?
Do you have a Monitoring Console? (MC) most of it is pre-built
as for your questions:
- user accesses to the index, per user per time span - i think this one is the toughest to solve, here is a direction:
https://answers.splunk.com/answers/321581/how-to-find-the-most-searched-index-in-splunk.html
- alerts triggered per day - this can be general per my App
https://answers.splunk.com/answers/305328/how-to-search-the-names-of-triggered-alerts-their.html
https://answers.splunk.com/answers/577325/how-to-pull-the-details-of-triggered-alert-for-las.html
https://answers.splunk.com/answers/564850/how-can-i-make-a-dashboard-with-all-triggered-aler.html
- indexed data growth per day per index, or even sourcetype
you can use the logic within the firebrigade app https://splunkbase.splunk.com/app/1632/ or other apps that might serve admins
https://answers.splunk.com/answers/23136/index-growth.html
https://answers.splunk.com/answers/716733/how-do-you-calculate-the-growth-of-each-index-on-a.html
https://answers.splunk.com/answers/242759/help-to-find-daily-indexed-data-size-by-each-index.html

hope it helps

View solution in original post

0 Karma

adonio
Ultra Champion

there are tons of answers in this portal around an of the topics you are looking for.
do you have access to _internal or _audit indexes?
Do you have a Monitoring Console? (MC) most of it is pre-built
as for your questions:
- user accesses to the index, per user per time span - i think this one is the toughest to solve, here is a direction:
https://answers.splunk.com/answers/321581/how-to-find-the-most-searched-index-in-splunk.html
- alerts triggered per day - this can be general per my App
https://answers.splunk.com/answers/305328/how-to-search-the-names-of-triggered-alerts-their.html
https://answers.splunk.com/answers/577325/how-to-pull-the-details-of-triggered-alert-for-las.html
https://answers.splunk.com/answers/564850/how-can-i-make-a-dashboard-with-all-triggered-aler.html
- indexed data growth per day per index, or even sourcetype
you can use the logic within the firebrigade app https://splunkbase.splunk.com/app/1632/ or other apps that might serve admins
https://answers.splunk.com/answers/23136/index-growth.html
https://answers.splunk.com/answers/716733/how-do-you-calculate-the-growth-of-each-index-on-a.html
https://answers.splunk.com/answers/242759/help-to-find-daily-indexed-data-size-by-each-index.html

hope it helps

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...