Splunk Stream

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk Stream. For documentation on the most recent version, go to the latest release.

Dashboards

Splunk App for Stream provides pre-built dashboards that let you monitor:

  • Network interface metrics.
  • Stream Forwarder (streamfwd) process metrics.
  • Stream Stats Only mode data.
  • Stream Forwarder log data.
  • SSL Activity data.

Use these dashboards to identify spikes and trends in network activity that can indicate an issue with your network and help you analyze customer behavior.

Click on any point in a dashboard graph to drill down to the underlying Splunk search results, and perform additional search and analysis across your network and log data.

Network Metrics

The Network Metrics dashboard lets you monitor these network events:

  • Total Packets
  • Total Events
  • Bandwidth (Mbps)

To open the Network Metrics dashboard:

1. In Splunk Web, select Apps > Splunk App for Stream. This opens the Streams Config page.

2. Select Dashboards > Network Metrics. The Network Metrics dashboard appears.

StreamApp Network metrics.png

Stream Forwarder Metrics

The Stream Forwarder Metrics dashboard lets you monitor these streamfwd binary process metrics:

  • Packet Queue Size
  • SSL Session Key Count
  • TCP Session Count
  • TCP Reassembly Packet Count
  • TCP Reassembly Payload Size

To open the Stream Forwarder Metrics dashboard:

1. In Splunk Web, select Apps > Splunk App for Stream. This opens the Streams Config page.

2. Select Dashboards > Stream Forwarder Metrics. The Network Metrics dashboard appears.

StreamApp Stream Forwarder metrics.png

Stream Stats

The Stream Stats dashboard displays indexing volume and other stats for stream protocols. You can use this dashboard to view the the total amount of data that Stream captures over time for any supported protocol. The Stream Stats dashboard displays stats for protocols in both enabled or Stats Only mode.

To access the Stream Stats dashboard:

  • In the Splunk App for Stream main menu, go to Dashboards > Stream Stats.

Stream stats dashboard 2.png

Stream Forwarder Logs

The Stream Forwarder Logs dashboard let you monitor log entries in the streamfwd.log file. The dashboard provides graphs of Top Messages and Errors by Host, along with a time-based listing of log messages that can help you quickly identify issues with network activities.

To open the Stream Forwarder Logs dashboard:

1. In Splunk Web, select Apps > Splunk App for Stream. This opens the Streams Config page.

2. Select Dashboards > Stream Forwarder Logs. The Stream Forwarder Logs dashboard appears.

Stream Forwarder logs.png

Last modified on 20 June, 2015
Global IP Filters   Use streamfwd command line options

This documentation applies to the following versions of Splunk Stream: 6.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters