Use the Overview dashboard
The Cloud Monitoring Console (CMC) Overview dashboard enables Splunk Cloud Platform administrators to quickly understand the general state and health of their deployment.
A blue progress bar may appear above a panel, indicating that the Splunk platform is still generating data. Wait for the bar to disappear before reviewing the panel.
Do not modify this dashboard. Changing any of the search criteria, formatting, or layouts might cause inaccurate results and also override the automatic update process.
Review the Overview dashboard
The Overview dashboard displays 12 summary panels of information about the health of your deployment, with each panel linked to its respective source CMC dashboard. Select a panel to view more detailed information about that particular metric.
The Release Notes link near the top of the dashboard accesses the latest version of the CMC release notes in the Splunk Cloud Platform documentation.
The File with Local Overwrites panel displays if your deployment contains modifications to the original delivered app files. The table lists all modified files and the date and time that they were changed. Modifications to any custom deployment-specific file are not considered a local overwrite.
Local overwrites prevent the CMC app from automatically updating. If your deployment contains modifications to the original delivered app files, you must contact Splunk Customer Support to remove the local overwrites and re-enable the automatic update functionality.
To investigate your panels, go to Cloud Monitoring Console > Overview. Use the following table to understand the dashboard interface.
Panel | Description |
---|---|
Current Active Users (Last Hour) | Shows the number of active users in the deployment as of the last 60 minutes from when you accessed the dashboard. For example, if you access the dashboard at 4:30 PM, this panel shows data from 3:30-4:30 PM.
|
Average Daily Users (Last 7 Days) | Shows the number of daily users in the deployment averaged over the last seven days from the previous day. For example, if you access the dashboard on June 8, this panel shows data from June 1, 12:00 AM to June 7, 11:59 PM.
|
Search Count (Yesterday) | The large number shows the number of searches performed during the previous day. For example, if you access the dashboard on June 8, this panel shows data from June 7, 12:00 AM to 11:59 PM. The smaller number and arrow indicates the increase or decrease in searches from the previous search count.
|
Indexes with Events | Shows the number of indexes that have processed events.
You must have the indexes_edit capability to view accurate data in this panel. |
Total Indexes | Shows a snapshot of the currently active indexes that contain events.
You must have the indexes_edit capability to view accurate data in this panel. |
Ingest Volume | The large number shows the amount of data ingested in gigabytes in the previous day. See Search Count (Yesterday) for an explanation of the time range for the previous day. The smaller number and arrow indicates the increase or decrease in data ingestion from the previous ingestion total.
|
Searches by Type (Last 24 Hours) | Shows a color-coded bar graph of searches performed over the last 24 hours. For example, if you access the dashboard on June 2 at 9:00 AM, this panel shows data from June 1, 9:00 AM to June 2, 9:00 AM.
|
Throughput by Index (Last 24 Hours) | Shows a color-coded bar graph of data throughput performance per index over the last 24 hours. See Searches by Type (Last 24 Hours) for an explanation of the 24-hour time range.
|
Splunk TCP Port Closures (Last 4 Hours) | Shows the percentage of your active indexers in the last 4 hours that have Splunk TCP port closures. For example, if you access the dashboard at 4:00 PM, this panel shows data from 12:00-4:00 PM.
|
Long Running Searches (Last 4 Hours) | Shows the number of ad hoc searches in the last 4 hours that have taken more than 30 minutes to complete. See Splunk TCP Port Closures (Last 4 Hours) for an explanation of the 4-hour time range.
|
Scheduled Search Skip Ratio (Last Hour) | Shows the percentage of your scheduled searches that encountered an issue and had to be skipped in the last hour.
See Current Active Users (Last Hour) for an explanation of the 1-hour time range. This panel accesses the Skipped Scheduled Searches dashboard, enabling you to resolve the issue and run a skipped search again. |
Data Parsing Issues (Last Hour) | Shows a bar chart of the line breaking, timestamp parsing, and aggregation issues the Splunk platform encountered when parsing your data for indexing. See Current Active Users (Last Hour) for an explanation of the 1-hour time range.
|
Interpret these results
Because the Overview dashboard provides a high-level view of the overall health of your deployment, investigate any anomalous spikes or dips and take the necessary mitigation action. For example, if you see a sudden increase in skipped scheduled searches, audit these searches to determine the cause and correct any issues.
Introduction to the Cloud Monitoring Console | Use the Health dashboard |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408
Feedback submitted, thanks!