Splunk Cloud Platform

Splunk Cloud Platform Admin Manual

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Use the Usage dashboards

The dashboards accessed from the Cloud Monitoring Console > Usage tab enable Splunk Cloud Platform administrators to monitor the users who have access to your Splunk Cloud Platform deployment. The User Activity dashboard lets you review user activity in the system over a specified time range. The User Detail dashboard lets you drill down into the activities of a specific user.

A blue progress bar might appear above a panel, indicating that the Splunk platform is still generating data. Wait for the bar to disappear before reviewing the panel.

Do not modify any Cloud Monitoring Console (CMC) dashboard. Changing any of the search criteria, formatting, or layouts may cause inaccurate results and also override the automatic update process.

View user activity

The CMC User Activity dashboard provides statistical information to Splunk Cloud Platform administrators about all users with access to your Splunk Cloud Platform deployment, including their pageviews and apps. Use this dashboard to understand your users' activity and take the appropriate action to monitor their behavior.

Review the User Activity dashboard

This dashboard shows summary and detailed information about user activity within a specified time range. The time range value affects all panels. The dashboard generally shows information for multiple users, but this is dependent on the number of users active during the specified time range.

The top three panels are summarized totals of a particular area: users, apps, or pageviews. You use the middle three panels to analyze more specific data about each area by setting a Sort by option. The bottom panel provides a tabular summary of the Total Pageviews panel.

The Pageviews area contains two panels with a variable in the panel title that you set with a filter option: Top <variable> and <variable> Access over Time.

To investigate your panels, go to Cloud Monitoring Console > Usage > User Activity. Use the following table to understand the dashboard interface.

Panel or Filter Description
Time Range Set the time range for the data display.

This time range setting affects the display of all panels on this page.

Distinct Users Shows the total number of distinct users who were active in the specified time range.

To view the individual users included in this total and their access activity, sort by User in Pageviews.

Distinct Apps Shows the total number of distinct apps that were active in the specified time range.

To view the individual apps in this total and their access activity, sort by App in Pageviews.

Total Pageviews Shows the number of total pageviews that were accessed in the specified time range.

To view the individual pages in this total and their access activity, sort by Page in Pageviews.

Pageviews This area includes the Top <variable> and <variable> Access over Time panels. The <variable> changes depending on the selected Sort by option.

Select a Sort by option to view data by user, app, or page. The panels show the following pie chart and a bar chart combinations:

  • Top Users and User Access: Graphical information for the Distinct Users panel.
  • Top Apps and App Access: Graphical information for the Distinct Apps panel.
  • Top Pages and Page Access: Graphical information for the Total Pageviews panel.
Activity by Page Shows the number of distinct users and pageviews for a specific app page.

Like the Top Pages and Page Access over Time panels, this panel provides additional information for the Total Pageviews panel.

Interpret user activity results

When interpreting your user activity results, note the following:

  • When analyzing a particular area, be sure to select the corresponding Sort by option in Pageviews so that you view the summarized total and detail information together. For example, select Users when you are investigating distinct users to include the information at the Top Users and User Access over Time panels.
  • If a particular user has a large number of pageviews, this might indicate that users are sharing credentials, or that the account is being used on a dashboard with multiple refreshes, creating additional search load.

View user detail

The CMC User Detail dashboard provides comprehensive information to Splunk Cloud Platform administrators about the activities of a specific user in your Splunk Cloud Platform deployment. Use this dashboard to investigate a user, particularly their searches and pageviews.

Review the User Detail dashboard

This dashboard contains 10 panels of summary, graphical, and tabular data about a specific user of your Splunk Cloud Platform deployment. Filter the results by specifying a time range.

To investigate your panels, go to Cloud Monitoring Console > Usage > User Detail. Use the following table to understand the dashboard interface.

Panel or Filter Description
User and Time Range Select a user and time range to populate the dashboard.

When you view this dashboard, the User field is automatically populated with the first menu value. Be sure to change this default value to the user you are investigating.

Name Shows the user's full name as defined in their user profile.
Username Shows the user's system name, which may be formatted as an email account.
Roles Shows the user's roles as assigned in Settings > Users and Authentication > Roles.
User Logins Shows the number of times the user has logged into the deployment.
Search Count Shows the number of searches the user has done.
Average Search Runtime Shows the average runtime of all searches performed.
Total Search Time Shows the total of the combined runtimes for all the user's searches.
Searches by Type Provides a bar chart of the types of searches the user performed over time, such as ad hoc.
Pageviews by App Provides a bar chart of pageviews, color-coded by app.
User Search Detail Provides detailed information for each search done by the user, such as its type, start and run times, and host and search identifiers.

Interpret user detail results

When interpreting your user detail results, note the following:

  • Especially for new deployments, use this dashboard to monitor usage and determine if your users are adopting or rejecting the Splunk platform. A downward trend may indicate users need more training, or that there are other issues that require investigation and resolution.
  • Check if the values in the second row of panels (Search Count, Average Search Runtime, and Total Search Time) increase significantly over time. Depending on the user's role and responsibilities, this may indicate behavior that needs further investigation.
  • Analyze if the Searches by Type and Pageviews by App graphs reveal any patterns of behavior that could be optimized.
Last modified on 10 August, 2021
PREVIOUS
Use the Search dashboards
  NEXT
Use the License Usage dashboards

This documentation applies to the following versions of Splunk Cloud Platform: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308 (latest FedRAMP release), 9.1.2312


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters