Splunk® App for Infrastructure (Legacy)

Use Splunk App for Infrastructure

This documentation does not apply to the most recent version of Splunk® App for Infrastructure (Legacy). For documentation on the most recent version, go to the latest release.

Using the Analysis Workspace in Splunk App for Infrastructure

Use the Analysis Workspace to analyze performance metrics and log sources for a single entity, or a specific group of entities. Determine poor performing entities for a set of metrics, or determine a point in time when multiple entities began performing in a similar way. Create alert conditions and search logs collected from your servers to perform root cause analysis and understand why your infrastructure is performing the way it is.

Select data sources to create interactive charts in the workspace. Then, apply filters and aggregations to gain insight into your system's metrics and performance. The Analysis Workspace helps you quickly identify and respond to any issues or anomalies in your data.

Navigating the Analysis Workspace

From the Infrastructure Overview or the List View, access the Analysis Workspace by clicking an entity or group:

  • If clicking an entity, you drilldown to the Entity Overview. Click the Analysis tab to access the Analysis Workspace.
  • If clicking a group, you drilldown to the Analysis Workspace.

You can also navigate groups or entities in the Analysis Workspace by clicking the group or entity navigation dropdown to view what entities are in a group, or what groups an entity is a part of.

The workspace contains three panels. The left-side Data panel shows all data sources that are available for analysis. The Main panel in the center is where you see your data represented in charts. The right-side Analysis panel lists the aggregations and analytic functions that you can apply to your data. For more information about the Analysis panel, see About Analytics in the Analysis Workspace in Splunk App for Infrastructure.

To add a chart to your workspace so you can view your data represented as a time series, use the search box to find metrics, event, or alerts, or browse through the hierarchy of available data sources. Click the data source, and a chart displays in the workspace. Use the workspace analysis tools customize your charts.

Infrastructure analysis workspace numbered0718.png

Number Element Description
1 Search metrics, events, or alerts Search available metrics, events or alerts to analyze and display in the workspace charts. Manage alerts that you have created, and perform actions such as deleting an alert. See Using Alerts in Splunk App for Infrastructure for detailed information about using alerts.
2 Data panel The Data panel contains all of the data sources that you have available for visualization and analysis. Search metrics, events, or alerts, or browse for data to view and analyze in the workspace.

Every data source that you select in the Data panel appears as a separate chart in the workspace. Each chart contains a time series based on at least one aggregation. Hover over any point on the series to see the corresponding values in the chart legend to the right of the chart.

3 Analysis Workspace or System Information Select to display the Analysis Workspace or display system information about the selected host, including operating system, IP address, version information, and associate dimensions.
4 Group and Entity navigation View entities contained in a group, or view what groups an entity is a part of, by expanding the group or entity navigation dropdown. For example when viewing a group in the Analysis Workspace, click the down arrow next to the group name and a list of entities contained in the group display. Click an entity in the group to view the entity in the Analysis Workspace, or use the search field to search for an entity in the group. If viewing an entity in the Analysis Workspace, click the down arrow next to the entity name to view what groups the entity is a part of, click a group from the list to view the group in the Analysis Workspace, or search for a particular group.
5 Time range picker Select a common time range to display for all charts. The default time range for time series is one hour. Adjust the time range to gain more insight from your charts. Adjust the time range by either the time range picker, or by zooming in on a chart. You can select a custom time range by clicking and dragging your cursor over the time period you want to view.
6 Split all by Split charts to show a separate time series for each value of a dimension. Click a dimension in a chart and select an action such as Investigate Entity to drilldown to further details.
7 Chart actions Click the ellipsis to view the chart action menu. Select to create an alert, or clone the panel and make a copy that you can use to make adjustments and compare points in your data. You can also export the chart as a PNG or a CSV file.
8 Refresh Refresh charts to include the most recent data. Refresh manually or enable auto-refresh.
9 Clear all Clear all charts from the workspace.
10 Grid layout or stack layout Display charts in grid layout, which displays multiple charts in each row, or stack layout, which displays one chart per row.
11 Analysis panel Select analysis tools, such as aggregation, time comparison, split by, and filters, to display in the Analysis Workspace.

Depending on your data source, the following operations are available:

  • Aggregations summarize data points into meaningful values.
  • Time comparisons overlay a previous time period on the chart.
  • Split by shows results for a specific dimension.
  • Filters include or exclude certain results.

See Analytics in the Analysis Workspace for detailed information about the different operations you can use to analyze your data.

12 Pinpoint time range Hover to view a shared hairline on all charts. Click and drag to zoom in on a narrower time range.
13 Main panel The Main panel is contains charts. Every data source that you select in the Data panel appears as a separate chart in the workspace, or Main panel. Each chart contains a time series based on at least one aggregation. Hover over any point on the series to see the corresponding values in the chart legend to the right of the chart.
Last modified on 19 June, 2019
Using the List View in Splunk App for Infrastructure   Using the Entity Overview in Splunk App for Infrastructure

This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 1.2.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters