Using the Analysis Workspace in Splunk App for Infrastructure
Use the Analysis Workspace to analyze performance metrics and log sources for a single entity, or a specific group of entities. Determine poor performing entities for a set of metrics, or determine a point in time when multiple entities began performing in a similar way. Create alert conditions and search logs collected from your servers to perform root cause analysis and understand why your infrastructure is performing the way it is.
Select data sources to create interactive charts in the workspace. Then, apply filters and aggregations to gain insight into your system's metrics and performance. The Analysis Workspace helps you quickly identify and respond to any issues or anomalies in your data.
From the Infrastructure Overview or the List View, access the Analysis Workspace by clicking an entity or group:
- If clicking an entity, drill down to the Entity Overview. Click the Analysis tab to access the Analysis Workspace.
- If clicking a group, drill down to the Analysis Workspace.
You can also navigate to groups or entities in the Analysis Workspace by clicking the group or entity navigation dropdown to view what entities are in a group, or what groups an entity is a part of.
The workspace contains three panels.
- The Data panel shows all data sources that are available for analysis.
- The Main panel is where you see your data represented in charts.
- The Analysis panel lists the aggregations and analytic functions that you can apply to your data. For more information about the Analysis panel, see About Analytics in the Analysis Workspace in Splunk App for Infrastructure.
Number | Element | Description |
---|---|---|
1 | Search metrics, events, or alerts | Search available metrics, events or alerts to analyze and display in the workspace charts. Manage alerts that you have created, and perform actions such as deleting an alert. See Using Alerts in Splunk App for Infrastructure for detailed information about using alerts. |
2 | Data panel | The Data panel contains all of the data sources that you have available for visualization and analysis. Search metrics, events, or alerts, or browse for data to view and analyze in the workspace.
Every data source that you select in the Data panel appears as a separate chart in the workspace. Each chart contains a time series based on at least one aggregation. Hover over any point on the series to see the corresponding values in the chart legend to the right of the chart. |
3 | Group and Entity navigation | View entities contained in a group, or view what groups an entity is a part of, by expanding the group or entity navigation dropdown. For example when viewing a group in the Analysis Workspace, click the down arrow next to the group name and a list of entities contained in the group display. Click an entity in the group to view the entity in the Analysis Workspace, or use the search field to search for an entity in the group. If viewing an entity in the Analysis Workspace, click the down arrow next to the entity name to view what groups the entity is a part of, click a group from the list to view the group in the Analysis Workspace, or search for a particular group. |
4 | Pinpoint time range | Hover to view a shared hairline on all charts. Click and drag to zoom in on a narrower time range. |
5 | Time range picker | Select a common time range to display for all charts. The default time range for time series is one hour. Adjust the time range to gain more insight from your charts. Adjust the time range by either the time range picker, or by zooming in on a chart. You can select a custom time range by clicking and dragging your cursor over the time period you want to view. |
6 | Split by | Split charts to show a separate time series for each value of a dimension. Click a dimension in a chart and select an action such as Investigate Entity to drilldown to further details. |
7 | Refresh | Refresh charts to include the most recent data. Refresh manually or enable auto-refresh. |
8 | Chart actions | Click the ellipsis to view the chart action menu. Perform chart actions such as creating an alert, saving a chart as a dashboard panel, opening the chart in Search, saving the chart as a Report, and other tasks. See Use Chart Actions to create an alert, open in search, or save as a dashboard panel. |
9 | Entity Overview or Analysis Workspace | Select to display the Analysis Workspace or display system information about the selected host, including operating system, IP address, version information, and associate dimensions. |
10 | Clear all | Clear all charts from the workspace. |
11 | Grid layout or stack layout | Display charts in grid layout, which displays multiple charts in each row, or stack layout, which displays one chart per row. |
12 | Save all charts to a dashboard | Save all charts to a dashboard. |
13 | Analysis panel | Select analysis tools, such as aggregation, time comparison, split by, and filters, to display in the Analysis Workspace.
Depending on your data source, the following operations are available:
See Analytics in the Analysis Workspace for detailed information about the different operations you can use to analyze your data. |
14 | Main panel | The Main panel is contains charts. Every data source that you select in the Data panel appears as a separate chart in the workspace, or Main panel. Each chart contains a time series based on at least one aggregation. Hover over any point on the series to see the corresponding values in the chart legend to the right of the chart. |
Use charts to customize metrics analyses
Add a chart to the Metrics Workspace to view data represented as a time series. If you are monitoring a group, you can split charts by dimensions to monitor individual entities in the group more closely.
With charts, you can:
- Create alerts
- View metrics in the Search & Reporting app
- Create dashboards
- Create reports
- Export chart data as PNG for CSV files
For more information, see Charts in the Splunk Metrics Workspace.
If you create a dashboard panel, click the Dashboard tab to view your dashboards in Splunk Enterprise. See the Splunk Enterprise Dashboards and Visualizations guide.
If you open your chart in Search, see the Splunk Enterprise Search Manual
Using the List View in Splunk App for Infrastructure | Using the Entity Overview in Splunk App for Infrastructure |
This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 1.3.0, 1.3.1, 1.4.0, 1.4.1, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1 Cloud only, 2.2.0 Cloud only, 2.2.1, 2.2.3 Cloud only, 2.2.4, 2.2.5
Feedback submitted, thanks!