Related Answers
Download topic as PDF
Use the Health (preview) dashboard
Splunk Cloud Platform administrators use the Health dashboard to review the status of their deployment. The dashboard provides information about the overall health of the deployment and its data collection, indexing, and search performance. If an indicator shows non-optimal performance, see the Suggested Actions area for the indicator in the All Indicators table for possible mitigation steps.
Preview features are provided by Splunk to you "as is" without any warranties, maintenance and support, or service level commitments. Splunk makes this preview feature available in its sole discretion and may discontinue it at any time. Use of preview features is subject to the Splunk General Terms.
Review the health indicator gauges
Select a gauge icon to see summary information about the number of indicators that are in conformance versus indicators that have warning or critical status. The totals for the Conform, Warning, and Critical categories correspond to the individual data points displayed in an indicator's Results column.
- Overall health: Provides a combined summary view of your deployment's data collection, data indexing, and data search performance in context of indicators provided in the indicator table.
- Data collection: Shows the current state of your deployment's universal forwarders and heavy forwarders as they collect data.
- Data indexing: Shows the current state of bucket size and availability per index for your deployment.
- Data search: Shows the current state of skipped searches, high memory searches, and cache activity in your deployment.
Review health indicator results and actions
In the summary collapsed view, an indicator row shows the corresponding gauge, the health check validation criteria, and the results of the health check. The individual results data for a specific indicator correlate to the Conform, Warning, and Critical totals that display in the corresponding gauge.
Select the toggle for an indicator to review descriptive information and suggested mitigation actions for indicators with a Warning or Critical status.
Review health indicator details
In the toggled expanded view, select View details for any of the health indicators in the Health (preview) page.
For any detailed view, select a status card to filter the list by Conforming, Warning, or Critical status.
The detailed view for each health indicator displays the following information:
| Health indicator | Description |
|---|---|
| Universal forwarder software version (preview) | The Universal forwarder software version (preview) detailed views show the names, versions, expiration information, and status. |
| Heavy forwarder software version (preview) | The Heavy forwarder software version (preview) detailed view shows the names, versions, expiration information, and status. |
| High memory searches (preview) | The High memory searches (preview) detailed view shows the search IDs, memory usage, and status. The status indicator correlates to the Conforming, Warning, and Critical totals that display in top status cards.
The High memory searches (preview) detailed view returns the first 50,000 searches sorted by critical, warning, then conforming status. This prevents the results from timing out on large stacks. |
| Bucket status (preview) | The Bucket status (preview) detailed view shows the index, bucket type, caller, quarantined percentage, full bucket percentage, small bucket percentage, and status. |
| Skipped searches (preview) | The Skipped searches (preview) detailed view shows the app, saved search, user, skip ratio, percentage skipped, reason, and status. |
| Cache activity (preview) | The Cache activity (preview) detailed view shows the index, download amount, cache churn percentage, and status. |
| High memory searches (preview) | The High memory (preview) detailed view shows the search ID, memory used, percentage memory used, and status. |
Review the upcoming maintenance window timeline
In CMC version 3.6.0, the Upcoming maintenance window tab includes a progress timeline.
In CMC version 3.6.0, the timestamps represent the last time the status was updated, which might not be when the actual event occurred.
The timeline provides the following statuses:
| Status | Description |
|---|---|
| Scheduled | Splunk has scheduled a maintenance window. |
| CommsInitiationSent | Splunk has notified the customer about the maintenance window. |
| Skipped | Splunk skipped this maintenance window. |
| Canceled | Splunk has cancelled the maintenance window. This can happen before or during the start of the maintenance window. |
| Declined | The customer has cancelled the maintenance window. |
| Completed | At least one maintenance operation for the given maintenance window is successfully completed. The Splunk Upgrade maintenance type is a single operation, so this status indicates a successful Splunk upgrade. |
See also
| For more information about | See |
|---|---|
| Forwarder version compatibility | Monitor forwarder deployments in the Splunk Cloud Platform Admin Manual Supported forwarder versions in the Splunk Cloud Platform Service Description |
| Skipped searches | Investigate skipped scheduled searches in the Splunk Cloud Platform Admin Manual |
| Improved search queries | Write better searches in the Splunk Cloud Platform Search Manual |
| Time stamp and line break errors | Verify data quality in the Splunk Cloud Platform Admin Manual |
|
PREVIOUS Use the Overview dashboard |
NEXT Use the Maintenance (preview) feature |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2106, 8.2.2107, 8.2.2109, 8.2.2111, 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209 (latest FedRAMP release)
Feedback submitted, thanks!