Use the Workload Management Monitoring dashboard
The CMC Workload Management Monitoring dashboard shows the effect of triggered workload management rules, which are controlled by configuration settings. Use the dashboard to determine whether you must adjust the underlying configuration to optimize workload performance. This dashboard appears only for deployments on Splunk Cloud versions 8.x or higher.
This dashboard is driven by the workload management configuration that controls how Splunk Cloud manages your workload performance. Go to Settings > Workload management to access the Workload Management page that contains the categories, pools, and rules defined by your configuration. You can use the workload management functionality to optimize search job processing and other tasks in your deployment.
An error message appears and the panels display 0 when the rules aren't configured or triggered.
For more information about Splunk Cloud workload management, see Workload Management overview in the Splunk Cloud Admin Manual. This topic describes how workload management works and how to use pools and rules to create a configuration that meets your organizational requirements.
A blue progress bar might appear above a panel, indicating that the Splunk platform is still generating data. Wait for the bar to disappear before reviewing the panel.
Do not modify any Cloud Monitoring Console (CMC) dashboard. Changing any of the search criteria, formatting, or layouts may cause inaccurate results and also override the automatic update process.
Review the Workload Management Monitoring dashboard
This dashboard shows the following six panels of information under a filter section:
- The top three panels show the number of times that a search was affected by a workload rule or a particular rule classification.
- The middle two panels show graphs. Each panel's title and data change dynamically based on the selected Split by option. See the following table for the panel titles shown for a specific option.
- The bottom panel shows tabular data for scheduled searches.
|Split by option|Panel titles|
|---|---|
|Action|Searches per Action Triggered over Action; Searches per Action|
|Rule|Searches per Action Triggered over Rule; Searches per Rule|
|User|Searches per Action Triggered over User; Searches per User|
|App|Searches per Action Triggered over App; Searches per App|
|Search Type|Searches per Action Triggered over Search Type; Searches per Search Type|
Investigate your panels
- Go to Cloud Monitoring Console > Workload Management Monitoring.
- Refine the displayed data by specifying values for Role, Time Range, and Split by. The selected Role determines the information displayed in the top three panels. The specified Time Range and Split by values determine the information displayed in the bottom three panels.
- Review the top three panels, which show a numerical value for the following classifications:
  - Searches Aborted
  - Searches Reclassified
  - Searches Triggering an Alert
- Review the Searches per Action Triggered over <variable> panel. See the table in Review the Workload Management Monitoring dashboard for panel titles.
  This panel is a graph of the information shown in the top three panels. It compares the total number of searches that triggered a specific action against the selected Split by option. Use this information to analyze who or what is triggering the greatest number of actions so you can take the appropriate remediation steps.
- Review the Searches per <variable> over time panel. See the table in Review the Workload Management Monitoring dashboard for panel titles.
  This panel is a graph of the information shown in the top three panels. It shows the number of searches executed over time, color-coded by the selected Split by option. Use this information to analyze the peak days and times for a particular search and identify patterns of heavy usage. This helps you determine whether you need to optimize resource allocations in your workload management configuration.
- Review the Scheduled Searches Triggering Rules Detail panel, which shows how many scheduled searches have triggered an alert, or have been reassigned or aborted.
  Use this information to monitor your scheduled searches, particularly those that were aborted or triggered an alert. Investigate why a search triggered either the abort or alert rule so you can correct any issues and rerun the search.
This documentation applies to the following versions of Splunk Cloud™: 8.0.2006, 8.0.2007, 8.1.2008, 8.1.2009, 8.1.2011, 8.1.2012 (latest FedRAMP release), 8.1.2101, 8.1.2103, 8.2.2104, 8.2.2105