Splunk® Enterprise

Monitoring Splunk Enterprise

Troubleshoot with integrated Splunk deployment health report

The Summary dashboard in the Monitoring Console lets you troubleshoot health issues with your Splunk Enterprise deployment that the splunkd health report detects. The Mode label in each dashboard indicates whether the instance associated with the Anomalies is standalone or distributed.

Investigate feature health issues

The Anomalies panel in the Summary dashboard lists splunkd health report features that are currently in the red or yellow state. Features in the red or yellow state can indicate a serious issue with your deployment. Use the Anomalies panel to review descriptions of each issue, and access health checks to investigate root cause.

To investigate feature health issues:

  1. Click Settings > Monitoring Console > Summary.
  2. In the Anomalies panel, review the descriptions of listed features in the red and yellow state.
  3. To further investigate a specific issue, click Investigate.
  4. The Health Check page will open. The page shows recommended health checks relating to the reported issue.
  5. Run the recommended health checks to get information on root cause and suggested fixes for the issue.

Example: Investigate skipped searches

This example illustrates how to use the Summary dashboard to troubleshoot a critical health status issue detected by the splunkd health report.

  1. Click Settings > Monitoring Console > Summary.
  2. In the Anomalies panel, the "skipped searches" feature appears in the critical "red" state.
    This indicates that there is a severe issue that is negatively impacting search performance.
  3. Review the description provided by the splunkd health report for basic information about the issue.
  4. Click Investigate.
    The Health Check page opens showing health checks recommended for investigating "Search scheduler skip ratio", "Orphaned scheduled searches", and "resource usage".
  5. Run the recommended health checks.
    The "Search scheduler skip ratio" health check fails.
  6. Click on the failed health check to view the health check results, information about the cause of the problem, and suggested actions for fixing the problem.
  7. See the following Monitoring Console dashboards to perform further root cause analysis: Search > Scheduler Activity: Instance/Deployment, Resource Usage: Instance/Deployment.

For more information on updatable health checks, see Download health check updates.

For more information on the splunkd health report, see About pro-active Splunk component monitoring.

Last modified on 10 March, 2021

This documentation applies to the following versions of Splunk® Enterprise: 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.2.0, 9.2.1
