Splunk® App for Unix and Linux

Install and Use the Splunk App for Unix and Linux

Download manual as PDF

Download topic as PDF

Use the Metrics dashboard

Unix 50 metricsview annotated.png
Click for a larger image

The Metrics dashboard displays a variety of performance statistics for any number of hosts in various different customizable graphs.

The dashboard divides into two panels: The Host Filter panel, which allows you to type in a host name to see only its data or filter hosts by category and group, and the Metrics Viewer, which shows the metrics that the Splunk App for Unix and Linux has collected over time in a circle-graph pattern.

Host Filter

The Host Filter panel allows you to select which host(s) you want to view. It contains a Filter text box and a list of all of the categories and groups you have created when you configured the Splunk App for Unix and Linux.

Each category entry has an arrow next to it that, when clicked, opens to show all groups and hosts in that category. When you load the page in the Splunk App for Unix and Linux, all of these entries have been expanded.

Note: If you have not created any categories or groups, then the Splunk App for Unix and Linux populates this area with a special category called "Default" and a special group called "All hosts". Use the Settings page to create host categories and groups.

To choose hosts:

1. In the category list, use your mouse to scroll through the list of available hosts.

Note: Optionally, you type in the full or partial name of a host in the Filter text box and press Enter. The Splunk App for Unix and Linux updates the category entries to show only those hosts that contain the text string you entered.

2. Select the host(s) which you want to display metrics on. The Splunk App for Unix and Linux updates the Metrics Viewer to show metrics for the selected host(s).


  • To select multiple hosts, shift-click (control-click on Windows, Command-click on Mac OSX) the host entries.
  • If you select all of the hosts in a group, the Splunk App for Unix and Linux automatically selects the group.
  • You can also select groups and categories, by clicking on the name of a group or category, respectively.
  • Clicking on a group selects all hosts in the group, and clicking on a category selects all groups (and thus all hosts) in the category.

Remove filters

To remove an existing host filter, click on the X button on the right side of the Filter text box.

Metrics Viewer

The Metrics Viewer panel displays metrics on the hosts that you have selected in the Host Filter panel. If you have not selected any hosts, this panel is empty.

The Metric Viewer allows you to display various different performance metrics over various ranges of time. It also allows you to add color to your graphs in a way that is meaningful to you.

View desired performance metrics

To change the data that the Metrics Viewer displays:

  1. Select hosts in the Host Filter panel, if you have not already done so. No data will display in the Metrics Viewer without your completing this step.
  2. Set the time range for the graph by clicking the time range drop-down picker (the left-most of the row of buttons under the "Metrics Viewer" text) and selecting the desired time range.
  3. Select the kind of data you want to view by clicking on the data type drop-down picker (the second button from the left) and selecting the desired type of data. The Splunk App for Unix and Linux updates the next three drop-down buttons to include metrics on the type of data you selected. Note: There are five data types to choose from:
    • CPU
    • Memory
    • Disk
    • Process
    • I/O
  4. Choose the performance metric you want to see by selecting the appropriate entries in the performance metric drop-down pickers.

For example, if you chose the "Memory" data type and wanted to see maximum free memory by host, you would select:

  • max in the first performance metric picker,
  • memFreeMB in the second picker, and
  • host in the third picker.

The Splunk App for Unix and Linux updates the graphs to show the selected time range, data type, and performance metrics.

What the graphs mean

  • In these graphs, larger bubbles represent higher levels of metrics, while smaller bubbles represent lower levels of metrics.

Add color to your graphs

If you want, you can add color to the graphs to give them more meaning. To add color:

1. In the Metrics Viewer panel, click anywhere on the rectangle to the right of the Pick Colors text.

A pop-up window appears with a palette of colors.

2. Choose a color that is meaningful to you.

Several things happen at this point:

  • The rectangle fills with the chosen color.
  • The Splunk App for Unix and Linux updates all bubbles currently being displayed by the Metrics Viewer with the chosen color.
  • A slider appears where you initially clicked.
  • Range numbers of 0 and 100 appear on the ends of the rectangle.
  • A number relative to the position between 0 and 100 also appears underneath the slider.

3. Click the "X" on the color palette to close the palette.

4. Move the slider to the desired level that the color you just picked represents.

5. Repeat Steps 1-3 to add additional colors and levels until you have all the colors and levels that you want represented in the displayed graphs.

The Splunk App for Unix and Linux updates the rectangle to include the added slider. The color to the left of the newly-added slider updates to the new chosen color.

Remove sliders

To remove a slider, simply drag it off of the rectangle. Colors to the left of the slider also get removed when you perform this action.

Reset to defaults

To remove all customized graphs and return to the default Metrics Viewer screen, click the Clear button in the upper right corner.

Use the Home dashboard
Use the Hosts dashboard

This documentation applies to the following versions of Splunk® App for Unix and Linux: 5.2.2, 5.2.3, 5.2.4, 5.2.5

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters