Use the Overview dashboard
Get a summary of your deployment's most important metrics using the Cloud Monitoring Console (CMC) Overview dashboard.
Do not modify this dashboard. Changing any of the search criteria, formatting, or layouts might cause inaccurate results and also override the automatic update process. You can use the Personalize feature to select which metrics to display.
Access the Overview dashboard
Use the Overview dashboard to prioritize important metrics.
- In Splunk Web, select Cloud Monitoring Console.
- Then, select Overview.
- Select the Overview dashboard link in the banner.
In the Overview dashboard, select Find in CMC to quickly find any metric or dashboard in the Cloud Monitoring Console.
Review metrics that require attention
The CMC monitors key metrics in the background, which appear under "Attention required" in the Overview dashboard when they reach a critical state that requires attention. Each metric card includes a tooltip with more information on the metric, and a link to its respective dashboard.
Select View or manage items to choose which metrics to track.
The CMC monitors the following key metrics in the background:
| Tracked Metric | Attention required threshold |
|---|---|
| Bucket size and range | Requires attention when more than 50% of buckets are small, less than 50% are full sized, or if 10% are quarantined. |
| Cache transfer activity | Requires attention when SmartStore download size exceeds 10% of total disk space. |
| Change freeze | Requires attention when this deployment has an upcoming change freeze that will suspend maintenance during specific dates. |
| HEC 503 errors | Requires attention when HEC errors are sustained for over 30 minutes. |
| Heavy forwarder software version | Requires attention when your heavy forwarder software version is going to expire within 15 days |
| High memory searches | Requires attention when your searches are consuming more than 10% of Splunk Cloud Platform instance memory. |
| Indexer blocked queues | Requires attention when queues are blocked across 50% or more indexers. |
| Maintenance window | Requires attention when this deployment has a scheduled maintenance window that will interrupt operation. |
| Missing forwarders | Requires attention when forwarders do not have indexer connection in the past 15 minutes. |
| Skipped search percentage | Requires attention when your skipped search percentage is greater than 25%. |
| Universal forwarder software version | Requires attention when your universal forwarder is going to expire within 15 days. |
Review your top metrics
You can prioritize metrics and personalize your experience by choosing which license entitlement and status metrics to display.
Review the dashboard to get fast access to these metrics:
- View your usage levels with the status indicators displayed in each license entitlement metric.
- Refresh or open any of the metrics directly in the Search and Reporting app.
- Select Add or remove metrics to choose which metric panels to display and prioritize your top metrics. Your selection applies to your own view. Other dashboard users can make their own selections.
See the following table to learn about each metric that you can select from the Overview dashboard:
| Panel | Category | Description |
|---|---|---|
|
Overall · Peak SVC Usage Displayed by default if your deployment has this entitlement. |
License |
Shows your organization's overall peak Splunk Virtual Compute (SVC) usage as a single value and a percentage of your license entitlement. Overall peak SVC usage refers to the highest amount of resources used in a given time interval to perform system processes such as indexing, any running search processes, and shared services. It primarily measures the CPU usage across search and indexing workloads. |
|
Ingest Displayed by default if your deployment has this entitlement. |
License |
Shows ingest license entitlement and usage data if the deployment has an ingest-based subscription. This panel accesses the Ingest daashboard. See Monitor current usage of your ingestion-based subscription. |
|
Searchable storage (DDAS) Displayed by default if your deployment has this entitlement. |
License |
Shows deployment's searchable storage entitlement based on DDAS license and amount of searchable storage used by customer and metered internal indexes This panel accesses the Searchable storage (DDAS) dashboard. See Monitor current usage of Searchable Storage. |
|
Archive storage summary (DDAA) Displayed by default if your deployment has this entitlement. |
License |
Shows deployment's archive storage entitlement based on DDAA license and amount of archive storage used by customer and metered internal indexes. This panel accesses the Archive storage (DDAA) dashboard. See Monitor current usage of Archive Storage. |
|
Federated search for Amazon S3 Displayed by default if your deployment has this entitlement. |
License |
Shows amount of data scanning capabilities and percentage of data scanning capabilities utilized by searches during current license term. This panel accesses the Federated Search for Amazon S3 dashboard. See Monitor your Federated Search for Amazon S3 resources. |
| Missing forwarders
Displayed by default. |
Data collection |
A forwarder shows a status of missing if it hasn't connected to indexers within 15 minutes of its last successful connection. This panel accesses the Forwarders: Deployment dashboard. See Monitor forwarder deployments. |
|
Total ingest volume Displayed by default. |
Data indexing |
The large number shows the amount of data ingested in GB in the previous day. The smaller number and arrow indicates the increase or decrease in data ingestion from the previous ingestion total. This panel accesses the Ingest dashboard. See Monitor current usage of your ingest-based subscription. |
| Total data parsing issues |
Data indexing |
Shows a single value of the line breaking, timestamp parsing, and aggregation issues the Splunk platform encountered when parsing your data for indexing. This panel accesses the Data quality dashboard. |
| Total indexes |
Data indexing |
Shows a snapshot of the currently active indexes that contain events. This panel accesses the Indexing performance dashboard. See Check indexing performance. You must have the indexes_edit capability to view accurate data in this panel. |
| Indexes with events |
Data indexing |
Shows the number of indexes that have processed events. This panel accesses the Indexing performance dashboard. See Check indexing performance. You must have the indexes_edit capability to view accurate data in this panel. |
| Splunk TCP port closures |
Data indexing |
Shows the percentage of your active indexers in the last 4 hours that have Splunk TCP port closures. For example, if you access the dashboard at 4:00 PM, this panel shows data from 12:00 through 4:00 PM. This panel accesses the Indexing performance dashboard. See Check indexing performance. |
|
Search count Displayed by default. |
Data search |
The large number shows the number of searches performed during the previous day. For example, if you access the dashboard on June 8, this panel shows data from June 7, 12:00 AM to 11:59 PM. The smaller number and arrow indicates the increase or decrease in searches from the previous search count.
|
|
Scheduled skipped searches |
Data search |
Shows the percentage of your scheduled searches that encountered an issue and had to be skipped in the last hour. This panel accesses the Skipped scheduled searches dashboard. See Investigate skipped scheduled searches. |
| Long running searches |
Data search |
Shows the number of ad hoc searches in the last 4 hours that have taken more than 30 minutes to complete. This panel accesses the Search Usage Statistics dashboard Analyze search usage statistics. |
|
Current region Displayed by default if your deployment has this entitlement. |
Cross-Region Disaster Recovery |
Cloud Service Provider (CSP) region where the Splunk deployment is hosted. Cross-Region Disaster Recovery is in the Early Access release phase. For more information, see Review Cross-Region Disaster Recovery metrics. |
| Earliest unreplicated data age
|
Cross-Region Disaster Recovery |
The time elapsed since the oldest ingested data in the active region is waiting to be replicated to the standby region. Cross-Region Disaster Recovery is in the Early Access release phase. For more information, see Review Cross-Region Disaster Recovery metrics. |
|
Total unreplicated data size Displayed by default if your deployment has this entitlement. |
Cross-Region Disaster Recovery |
The size of ingested data from the active region that did not replicate to the standby region. Cross-Region Disaster Recovery is in the Early Access release phase. For more information, see Review Cross-Region Disaster Recovery metrics. |
Review the Cross-Region Disaster Recovery metrics
If your deployment has the Cross-Region Disaster Recovery entitlement, the Overview dashboard displays panels that inform you about which AWS region your stack is connected to and metrics on data that has not been replicated to your secondary region. You can add these Cross-Region Disaster Recovery panels to the Top metrics section of the Overview dashboard.
Cross-Region Disaster Recovery is in the Early Access release phase. In the Early Access release phase, Splunk products might have limitations on customer access, features, maturity, and regional availability. Additionally, its documentation might receive frequent updates, or be incomplete or incorrect. For additional information on Early Access, contact your Splunk representative.
To learn more about Cross-Region disaster recovery, see About Cross-Region Disaster Recovery on Splunk Cloud Platform.
Get optimization resources
See the Optimization resources section at the bottom of the dashboard for more information on how to optimize deployment resources.
Interpret these results
Because the Overview dashboard provides a high-level view of the overall health of your deployment, investigate any anomalous spikes or dips and take the necessary mitigation action. For example, if you see a sudden increase in skipped scheduled searches, audit these searches to determine the cause and correct any issues.
See Use the Health dashboard to further investigate and learn more about the overall health of your deployment and its data collection, indexing, and search performance.
| Use the Overview dashboard | Use the Health dashboard |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.3.2408
Download manual
Feedback submitted, thanks!