About Splunk App for Infrastructure
The Splunk App for Infrastructure (SAI) provides insight into the performance of Linux servers, Microsoft Windows servers, Amazon EC2, ELB and EBS instances, Kubernetes clusters, and Docker containers. SAI utilizes metrics for performance monitoring, and log data for deep understanding and troubleshooting of your server infrastructure.
Get familiar with the app
SAI provides everything you need for configuring metrics and log data collection, entity discovery, server monitoring, performance analysis, and troubleshooting.
- Use the Add Data tab to start collecting data from your hosts. From this tab you can set up data collection on Linux, Windows, Mac OS X servers, Kubernetes clusters, and Docker containers for both system metrics and logs. You can also collect metrics for Amazon EC2, ELB and EBS entities. For more information, see How to add data to Splunk App for Infrastructure in the Administer Splunk App for Infrastructure guide.
- Go to the Investigate tab to browse a list of discovered entities, create groups of entities using entity metadata, view the Entity Overview to monitor the health of an entity, link to Group and Entity Analysis Workspaces for deeper insight, and view all of your server entities as tiles in the Infrastructure Overview. You can also filter for specific entities or groups by dimensions. For more information, see Investigate Your Infrastructure.
- Use the Alerts tab to view triggered alert conditions. From this tab you can drill down into the Analysis Workspace from the Entity or Group tabs to perform root cause analyses on particular alerts for an entity or group. You can also filter for specific entities or groups that triggered alerts by dimensions. For more information, see View and Manage Alerts.
Investigate Your Infrastructure
Use the Investigate tabs, including the Infrastructure Overview, List View, and Analysis Workspace, to monitor your infrastructure.
Monitor the health of your system using the Infrastructure Overview. Use this tab to quickly understand the availability and performance of your server infrastructure. You can choose a specific performance metric and set a threshold to better understand your high- and low-performing systems. From this tab you can access quick information including hostname and IP address, as well as drill down into the Analysis Workspace for a specific server, where you can continue to analyze and understand server performance. For more information, see Using the Infrastructure Overview in Splunk App for Infrastructure.
Use the List View to view your entities or groups, their status as active or inactive, and sort them by dimensions. You can also drill down into the Analysis Workspace of an entity or group being monitored to review details or troubleshoot an issue. For more information, see Using the List View in Splunk App for Infrastructure.
Use the Entity Overview to view performance charts that give a quick view of the performance of entities. From this overview, get a summary of metrics being used by the entity, such as CPU, network, memory, disk, system information, dimensions and more. For more information, see Using the Entity Overview in Splunk App for Infrastructure.
Use the Analysis Workspace to analyze performance metrics for a single entity or a group of entities. Determine poorly performing entities by metrics, or determine a point in time when multiple entities began performing in a similar way. Create alert conditions and search logs collected from your servers to perform root cause analysis and understand why your infrastructure is performing the way it is. View and search for entities in a group, or view all groups an entity is a part of for easy navigation. For more information, see Using the Analysis Workspace in Splunk App for Infrastructure.
View and Manage Alerts
Admin privileges are required to create and manage alerts.
Use alerts to monitor triggered events and perform root cause analyses. The Alerts page displays a list of triggered alerts. Select the Entities or Groups view and filter alerts by dimensions or group names. When you select a triggered alert, you can drill down into the Analysis Workspace, where you can continue to investigate performance issues during the time of the alert for the entity or group, and modify or delete the alert condition or threshold. For more information about alerts for entities and groups, see Monitor and investigate alerts in Splunk App for Infrastructure.
This documentation applies to the following versions of Splunk® App for Infrastructure: 1.4.0, 1.4.1, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1 Cloud only, 2.2.0 Cloud only, 2.2.1, 2.2.3 Cloud only, 2.2.4