Content Pack for Monitoring Splunk as a Service

Content Pack for Monitoring Splunk as a Service

KPI reference for the Content Pack for Monitoring Splunk as a Service

These tables list the KPIs used to monitor the health of your Splunk hosts in the Content Pack for Monitoring Splunk as a Service.

Splunk Instance Metrics Template

The following table lists the granularity of the KPIs in the Splunk Instance Metrics service template:

KPI KPI search schedule and lookback time
Error count 5 min/5 min lookback
Erroring Hosts 5 min/5 min lookback
Installed Apps 15 min/15 min lookback
Login Errors 5 min/5 min lookback
SSL Errors 5 min/5 min lookback

Splunk OS Metrics Template

The following table lists the granularity of the KPIs in the Splunk OS Metrics service template:

KPI KPI search schedule and lookback time
Average Disk Read I/O 5 min/5 min lookback
Average Disk Write I/O 5 min/5 min lookback
Average I/O Service Time 5 min/5 min lookback
Average I/O Wait Time 5 min/5 min lookback
CPU Cores 5 min/5 min lookback
CPU Normalized Load 5 min/5 min lookback
CPU Utilization 15 min/15 min lookback
Disk Read Kpbs 5 min/5 min lookback
Disk Used 5 min/5 min lookback
Disk Utilization 5 min/5 min lookback
Disk Write Kpbs 5 min/5 min lookback
Installed Memory 5 min/5 min lookback
Memory Utilization 5 min/5 min lookback

Splunk ES Metrics

The following table lists the granularity of the KPIs in the Splunk ES Metrics service:

KPI KPI search schedule and lookback time
Average Correlation Run Time 5 min/5 min lookback
Correlation Lag Time 5 min/5 min lookback
Max Correlation Run Time 5 min/5 min lookback

Splunk Forwarder

The following table lists the granularity of the KPIs in the Splunk Forwarder service:

KPI KPI search schedule and lookback time
Connection Count 5 min/5 min lookback
Forwarder Count 5 min/5 min lookback
Forwarder Throttled 5 min/5 min lookback
GUIDs Per Hostname 15 min/15 min lookback
TCP EPS 5 min/5 min lookback
TCP Kbps 5 min/5 min lookback
Throughput 5 min/5 min lookback

Splunk Indexer Buckets

The following table lists the granularity of the KPIs in the Splunk Indexer Buckets service:

KPI KPI search schedule and lookback time
Cold Buckets 5 min/5 min lookback
Hot Buckets 5 min/5 min lookback
Thawed Buckets 5 min/5 min lookback
Total Buckets 15 min/15 min lookback
Warm Buckets 5 min/5 min lookback

Splunk Indexer Cluster Metrics

The following table lists the granularity of the KPIs in the Splunk Indexer Cluster Metrics service:

KPI KPI search schedule and lookback time
Cluster Health Check 5 min/5 min lookback
Cluster Manager Slow Response 5 min/5 min lookback
Cluster Peer Slow Response 5 min/5 min lookback

Splunk Indexer Data

The following table lists the granularity of the KPIs in the Splunk Indexer Data service:

KPI KPI search schedule and lookback time
Data Truncation Issues 5 min/5 min lookback
Future Timestamps 5 min/5 min lookback
Line breaking Issues 5 min/5 min lookback
Parsing Issues 5 min/5 min lookback

Splunk Indexer Index Metrics

The following table lists the granularity of the KPIs in the Splunk Indexer Index Metrics service:

KPI KPI search schedule and lookback time
Events Indexed 5 min/5 min lookback
Per Host Throughput 5 min/5 min lookback
Per Index Throughput 5 min/5 min lookback

Splunk Indexer Queues

The following table lists the granularity of the KPIs in the Splunk Indexer Queues service:

KPI KPI search schedule and lookback time
Aggregate Queue Fill 5 min/5 min lookback
Current Time in Queue 5 min/5 min lookback
Current Queue Size 5 min/5 min lookback
Indexing Queue Fill 5 min/5 min lookback
Max Time in Queue 5 min/5 min lookback
Max Queue Size 5 min/5 min lookback
Parsing Queue Fill 5 min/5 min lookback
Typing Queue Fill 5 min/5 min lookback

Splunk Indexer Search Metrics

The following table lists the granularity of the KPIs in the Splunk Indexer Search Metrics service:

KPI KPI search schedule and lookback time
Average Historical Searches 5 min/5 min lookback
Average Real-time Searches 5 min/5 min lookback
Enqueue Searches 5 min/5 min lookback
Max Historical Searches 5 min/5 min lookback
Max Real-time Searches 5 min/5 min lookback
Max Running Searches 5 min/5 min lookback
Max Search Runtime 5 min/5 min lookback
Skipped Searches 5 min/5 min lookback

Splunk ITSI Metrics

The following table lists the granularity of the KPIs in the Splunk ITSI Metrics service:

KPI KPI search schedule and lookback time
Average Runtime 5 min/5 min lookback
Index Lag 5 min/5 min lookback
Indexed Events 5 min/5 min lookback
ITSI Internal Search Failed 5 min/5 min lookback
ITSI Log Errors 5 min/5 min lookback
ITSI Log Warnings 5 min/5 min lookback
ITSI Refresh Queue Data Count 5 min/5 min lookback
KPI Count 5 min/5 min lookback
KPI Search Failed 5 min/5 min lookback
Max Runtime 5 min/5 min lookback

Splunk License Metrics

The following table lists the granularity of the KPIs in the Splunk License Metrics service:

KPI KPI search schedule and lookback time
License Usage by Index 5 min/5 min lookback
License Usage by Indexer 5 min/5 min lookback
License Usage by Sourcetype 5 min/5 min lookback
Licensed Event by Indexer 5 min/5 min lookback

Splunk Search Head Cluster

The following table lists the granularity of the KPIs in the Splunk Search Head Cluster service:

KPI KPI search schedule and lookback time
Bundle Replication Failure 5 min/5 min lookback
SHC Health Check 5 min/5 min lookback

Splunk Search Head Users

The following table lists the granularity of the KPIs in the Splunk Search Head Users service:

KPI KPI search schedule and lookback time
Average Runtime 5 min/5 min lookback
Max Runtime 5 min/5 min lookback
User Count 5 min/5 min lookback

Splunk Search Metrics

The following table lists the granularity of the KPIs in the Splunk Search Metrics service:

KPI KPI search schedule and lookback time
Average Search Runtime 5 min/5 min lookback
Executed Searches 5 min/5 min lookback
Execution Latency 5 min/5 min lookback
Max Search Runtime 5 min/5 min lookback
Skipped Count 5 min/5 min lookback
Skipped Searches 5 min/5 min lookback
Suppressed Count 5 min/5 min lookback
Last modified on 02 February, 2022
Upgrade to version 2.1.0 of the Content Pack for Monitoring Splunk as a Service  

This documentation applies to the following versions of Content Pack for Monitoring Splunk as a Service: 2.0.1, 2.0.3, 2.1.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters