Splunk® App for NetApp Data ONTAP (Legacy)

Deploy and Use the Splunk App for NetApp Data ONTAP

On June 10, 2021, the Splunk App for NetApp Data ONTAP will reach its end of life and Splunk will no longer maintain or develop this product.

Home dashboard

The ONTAP System Health dashboard is the first point of reference for checking that you have set up and configured your environment correctly. In Splunk Web, select Home to display this dashboard.

We recommend that, after configuring the app, you wait 10 to 15 minutes for the views to populate before you troubleshoot the app. It takes this long for field values in the dashboards to be assigned correctly.

Panel Description
7-Mode Controllers Overview
This view provides a window into the number of 7-Mode filers that you have configured to work with the app and from which you collect data. It provides performance details on a per-filer basis. Click the data provided for a filer to drill down to the detailed filer view page. The following search powers the panel:
  • Search: (sourcetype=ontap:perf source="SystemPerfHandler") OR (sourcetype=ontap:system source="system-get-info") OR (sourcetype=ontap:system source="system-get-version") earliest=-4h latest=now | append [search `CapacityByHost`] | stats first(*) as *, first(_time) as _time by host | rename is-clustered AS is_clustered |table _time, host, system-name, gb_used, gb_total, percent_used, total_processor_busy_percent, disk_data_read_rate, disk_data_written_rate, total_ops_rate, net_data_*_rate, ontap_version, partner-system-name, system-serial-number,vendor-id,is_clustered | search NOT is_clustered=true | `unitize`
  • Sourcetype that must be present for the view to populate: ontap:perf, ontap:system
Cluster Mode Controllers Overview
This view provides a window into the number of Cluster-mode filers that you have configured to work with the app and from which you collect data. It provides performance details for each cluster. Click the data provided for a cluster to drill down to the detailed cluster view page. The following search powers the panel:
  • Search: (sourcetype=ontap:perf source="SystemPerfHandler") OR (sourcetype=ontap:system source="system-get-info") OR (sourcetype=ontap:system source="system-get-version") OR (sourcetype=ontap:system source=system-node-get-iter) earliest=-4h latest=now | append [search `CapacityByHost`] | stats first(*) as *, first(_time) as _time, values(node) as cluster_node_list by host | rename is-clustered AS is_clustered |table _time, host, cluster_node_list, gb_used, gb_total, percent_used, total_processor_busy_percent, disk_data_read_rate, disk_data_written_rate, total_ops_rate, net_data_*_rate, ontap_version, partner-system-name, system-serial-number,vendor-id,is_clustered | search is_clustered=true | `unitize`
  • Sourcetype that must be present for the view to populate: ontap:perf, ontap:system
Inventory counts
Displays the total number of aggregates, disks, volumes, and LUNs in your environment.
Aggregates with the highest transfer rates over the past 4 hours (transfers/S)
This view shows the top 10 aggregates with the highest transfer rates over the last 4 hours. The list is sorted so that the aggregate with the most transfer operations per second appears at the top.
  • Search: sourcetype=ontap:perf source=AggrPerfHandler | stats avg(total_transfers_rate) as total_transfers_rate_average max(total_transfers_rate) as total_transfers_rate_max by host,objname | eval total_transfers_rate_average=total_transfers_rate_average/1000| eval total_transfers_rate_max=total_transfers_rate_max/1000 | sort - total_transfers_rate_max |rename objname AS aggregate | head 10
  • Sourcetype that must be present for the view to populate: ontap:perf
Volumes with highest latency over the past 4 hours (ms) - sourcetype=ontap:perf
For most applications, the latency of requests on a volume is important. This view shows the volumes that have experienced the slowest storage performance over the last 4 hours. The following search powers the panel:
  • Search: source=VolumePerfHandler | stats avg(avg_latency_average) as avg_latency_average max(avg_latency_average) as avg_latency_max by host,objname | eval avg_latency_average=avg_latency_average/1000| eval avg_latency_max=avg_latency_max/1000 | sort - avg_latency_max | rename objname AS volume | head 10
  • Sourcetype that must be present for the view to populate: ontap:perf
LUNs with highest latency over the past 4 hours (ms) - sourcetype=ontap:perf
This view shows the LUNs that have experienced the slowest performance (response to an I/O request) over the last 4 hours. This number is based on an average value. The following search powers the panel:
  • Search: source=VolumePerfHandler | stats avg(avg_latency_average) as avg_latency_average max(avg_latency_average) as avg_latency_max by host,objname | eval avg_latency_average=avg_latency_average/1000| eval avg_latency_max=avg_latency_max/1000 | sort - avg_latency_max | rename objname AS volume | head 10
  • Sourcetype that must be present for the view to populate: ontap:perf
Highest Max User Read Latency Disks over the past 4 hours (ms)
This view shows the disks that have experienced the slowest performance (response to an I/O request) over the last 4 hours. This number is based on an average value. Disk latency depends on the application and its requirements. The following search powers the panel:
  • Search: sourcetype=ontap:perf source=DiskPerfHandler | stats avg(user_read_latency_average) as user_read_latency_average max(user_read_latency_average) as user_read_latency_max first(display_name) as display_name by host,objname | eval user_read_latency_average=user_read_latency_average/1000| eval user_read_latency_max=user_read_latency_max/1000 | sort - user_read_latency_max | table host,display_name,user_read_latency*,objname | rename display_name as disk | head 10
  • Sourcetype that must be present for the view to populate: ontap:perf
Syslog Errors or Warnings in the past 4 hours
This is a list of warning and error messages received from attempts to get syslog data. The following search powers the panel:
  • Search: sourcetype="ontap:syslog" (error OR warning)
  • Sourcetype that must be present for the view to populate: ontap:syslog
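
To confirm that the sourcetypes the panels above depend on are arriving before you troubleshoot an empty panel, the following search counts events per required sourcetype over the same 4-hour window and flags any sourcetype with no data. It is an added example, not part of the app or the original documentation, and it assumes the data lives in an index that is searched by default, as the panel searches above do.

```spl
(sourcetype=ontap:perf OR sourcetype=ontap:system OR sourcetype=ontap:syslog) earliest=-4h latest=now
| stats count AS events, dc(host) AS hosts, max(_time) AS last_seen BY sourcetype
| append
    [| makeresults
     | eval sourcetype=split("ontap:perf,ontap:system,ontap:syslog", ",")
     | mvexpand sourcetype
     | eval events=0, hosts=0
     | fields - _time]
| stats sum(events) AS events, max(hosts) AS hosts, max(last_seen) AS last_seen BY sourcetype
| eval status=if(events=0, "missing", "ok")
| eval last_seen=if(isnull(last_seen), "never", strftime(last_seen, "%Y-%m-%d %H:%M:%S"))
| table sourcetype, status, events, hosts, last_seen
```

The appended subsearch seeds one zero-count row per expected sourcetype, so a sourcetype that returned no events still appears in the result with status "missing" instead of being silently absent.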
Last modified on 03 April, 2017

This documentation applies to the following versions of Splunk® App for NetApp Data ONTAP (Legacy): 2.1.6, 2.1.7, 2.1.8, 2.1.91

