Splunk® Enterprise

Monitoring Splunk Enterprise

Splunk Enterprise version 7.1 is no longer supported as of October 31, 2020. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

What can the Monitoring Console do?

There are three main configuration states for the Monitoring Console.

  • You can leave the Monitoring Console unconfigured in standalone mode on your Splunk Enterprise instance. This means that you can navigate to the Monitoring Console on your individual instance in your deployment and see that particular instance's performance.
  • You can go through the configuration steps, still in standalone mode, which lets you access the default platform alerts.
  • You can go through the configuration steps for distributed mode, which lets you log into one instance and view the console's information for every instance in your deployment.

Find answers to common problems

The Monitoring Console is a rich source of troubleshooting information about your Splunk Enterprise deployment. Here are a few examples of problems you can investigate with this tool.

Symptom Dashboard
My users are reporting errors when they run a search, like "Peer x is unresponsive", "Peer did not participate in search", or "Results might be incomplete". Possible starting points include:
  • Distributed search: Deployment health checks, or Distributed search: Instance if you know which search peer is experiencing the problems.
  • On Resource usage: Deployment select search peers, and look for any that are oversubscribed.
  • Compare problematic time periods in the Distributed search and Resource usage views to consider capacity planning.
My users' UI is slow Resource usage: Instance for the instance experiencing problems.
My search performance is slow Resource usage: Deployment, Scheduler activity, or Search activity
Is my indexer/search head up/down right now? Overview > Topology
Is indexer workload distributed evenly across instances? Indexing performance: Deployment
What are my indexes' retention policies? Indexing > Indexes and Volumes: Instance
KV store is not initializing Search > KV Store: Deployment
Splunk Web errors that disk space is full Resource usage: Machine or Indexes and volumes dashboards
Last modified on 02 August, 2016
About the Monitoring Console   How the Monitoring Console works

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters