Splunk Cloud Platform

Splunk Cloud Platform Admin Manual

Use the Overview dashboard

The Cloud Monitoring Console (CMC) Overview dashboard enables Splunk Cloud Platform administrators to quickly understand the general state and health of their deployment.

A blue progress bar may appear above a panel, indicating that the Splunk platform is still generating data. Wait for the bar to disappear before reviewing the panel.

Do not modify this dashboard. Changing any of the search criteria, formatting, or layouts might cause inaccurate results and also override the automatic update process.

Review the Overview dashboard

The Overview dashboard displays 12 summary panels of information about the health of your deployment, with each panel linked to its respective source CMC dashboard. Select a panel to view more detailed information about that particular metric.

The Release Notes link near the top of the dashboard accesses the latest version of the CMC release notes in the Splunk Cloud Platform documentation.

The File with Local Overwrites panel displays if your deployment contains modifications to the original delivered app files. The table lists all modified files and the date and time that they were changed. Modifications to any custom deployment-specific file are not considered a local overwrite.

Local overwrites prevent the CMC app from automatically updating. If your deployment contains modifications to the original delivered app files, you must contact Splunk Customer Support to remove the local overwrites and re-enable the automatic update functionality.

To investigate your panels, go to Cloud Monitoring Console > Overview. Use the following table to understand the dashboard interface.

Panel Description
Current Active Users (Last Hour) Shows the number of active users in the deployment as of the last 60 minutes from when you accessed the dashboard. For example, if you access the dashboard at 4:30 PM, this panel shows data from 3:30-4:30 PM.


This panel accesses the User Activity dashboard.

Average Daily Users (Last 7 Days) Shows the number of daily users in the deployment averaged over the last seven days from the previous day. For example, if you access the dashboard on June 8, this panel shows data from June 1, 12:00 AM to June 7, 11:59 PM.


This panel accesses the User Activity dashboard.

Search Count (Yesterday) The large number shows the number of searches performed during the previous day. For example, if you access the dashboard on June 8, this panel shows data from June 7, 12:00 AM to 11:59 PM. The smaller number and arrow indicates the increase or decrease in searches from the previous search count.


This panel accesses the Search Usage Statistics dashboard.

Indexes with Events Shows the number of indexes that have processed events.


This panel accesses the Indexing Performance dashboard.

You must have the indexes_edit capability to view accurate data in this panel.

Total Indexes Shows a snapshot of the currently active indexes that contain events.


This panel accesses the Indexing Performance dashboard.

You must have the indexes_edit capability to view accurate data in this panel.

Ingest Volume The large number shows the amount of data ingested in gigabytes in the previous day. See Search Count (Yesterday) for an explanation of the time range for the previous day. The smaller number and arrow indicates the increase or decrease in data ingestion from the previous ingestion total.


This panel accesses the Ingest dashboard.

Searches by Type (Last 24 Hours) Shows a color-coded bar graph of searches performed over the last 24 hours. For example, if you access the dashboard on June 2 at 9:00 AM, this panel shows data from June 1, 9:00 AM to June 2, 9:00 AM.


This panel accesses the Search Usage Statistics dashboard.

Throughput by Index (Last 24 Hours) Shows a color-coded bar graph of data throughput performance per index over the last 24 hours. See Searches by Type (Last 24 Hours) for an explanation of the 24-hour time range.


This panel accesses the Indexing Performance dashboard.

Splunk TCP Port Closures (Last 4 Hours) Shows the percentage of your active indexers in the last 4 hours that have Splunk TCP port closures. For example, if you access the dashboard at 4:00 PM, this panel shows data from 12:00-4:00 PM.


This panel accesses the Indexing Performance dashboard.

Long Running Searches (Last 4 Hours) Shows the number of ad hoc searches in the last 4 hours that have taken more than 30 minutes to complete. See Splunk TCP Port Closures (Last 4 Hours) for an explanation of the 4-hour time range.


This panel accesses the Search Usage Statistics dashboard.

Scheduled Search Skip Ratio (Last Hour) Shows the percentage of your scheduled searches that encountered an issue and had to be skipped in the last hour.

See Current Active Users (Last Hour) for an explanation of the 1-hour time range.

This panel accesses the Skipped Scheduled Searches dashboard, enabling you to resolve the issue and run a skipped search again.

Data Parsing Issues (Last Hour) Shows a bar chart of the line breaking, timestamp parsing, and aggregation issues the Splunk platform encountered when parsing your data for indexing. See Current Active Users (Last Hour) for an explanation of the 1-hour time range.


This panel accesses the Data Quality dashboard.

Interpret these results

Because the Overview dashboard provides a high-level view of the overall health of your deployment, investigate any anomalous spikes or dips and take the necessary mitigation action. For example, if you see a sudden increase in skipped scheduled searches, audit these searches to determine the cause and correct any issues.

Last modified on 23 May, 2024
Introduction to the Cloud Monitoring Console   Review the Overview (preview) dashboard

This documentation applies to the following versions of Splunk Cloud Platform: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters