Docs » Splunk Infrastructure Monitoring navigators » Use navigators in Splunk Infrastructure Monitoring

Use navigators in Splunk Infrastructure Monitoring 🔗

For information on customizing the content and format of the navigator, including filtering, grouping, and more, see Customize navigator display.


The format and content displayed in the navigator for AWS Lambda is different from what is discussed below. For more information, see Using the Infrastructure Navigator for AWS Lambda.

Drill down 🔗

When you hover over a square in a navigator, you can see the information about the instance represented by the square. Click a square to drill down into that instance.

For example, if you click on a square representing a host instance, you can see system metrics information in the built-in dashboard with charts. You can also find various properties of the host, processes running on the host, and so on on the Properties sidebar.


The color or statistics for an element may change as you drill down or click through your system. This is because the information might be refreshed between the time you begin navigating and the time a target element is displayed.

As you drill down into a single instance, you can use the breadcrumb trail to switch to the drilldown view of another instance or to return to the navigator view.

Use the Dashboard section 🔗

The Dashboard section in each navigator provides access to detailed information about the instances displayed.

For more detail on the Dashboard section, see Built-in dashboards.


Amazon EC2, GCP Compute Engine, and Azure Virtual Machines instances are powered by their respective public cloud service as well as Splunk OpenTelemetry Connector. You need both for all the charts to display data in the built-in dashboards.

  • If you have only the public cloud service and the Smart Agent configured, some charts in the built-in dashboards for Amazon EC2, GCP Compute Engine, and Azure Virtual Machines instances display no data.

  • If you have only the public cloud service configured, you can see all the cards representing the services where data come from, but some charts in the built-in dashboards for Amazon EC2, GCP Compute Engine, and Azure Virtual Machines instances display no data.

  • If you have only Smart Agent configured, Amazon EC2, GCP Compute Engine, and Azure Virtual Machines instance navigators aren’t available.

Customize navigator display 🔗

The control bar within each navigator lets you modify which instances are shown, how they are grouped, which metric you are focusing on, and so on.

Add filter 🔗

Click Add Filter to create a filter and view a specific slice of your environment based on dimensions or properties you specify. Filtering is particularly useful for viewing just the instances running a specific service, or in a particular availability zone.

Customize time range 🔗

By default, you see data from the last 3 hours. You can use the time picker to choose a new time range. When you select a new time range, the navigator updates to show the status of instances during that time.


If the time between the end and start dates of your selected time range is more than 7 days, the navigator might take longer to respond.

Color by 🔗

Use the Color by drop-down menu in the control bar to specify the metric you want to use to color the squares. Square color values vary depending on which Color‑by criteria you choose.

For example, if you select CPU Utilization, colors range from green (lowest 20% of values among all instances) to red (highest 20% of values among all instances). For many metrics, red doesn’t necessarily indicate a problem situation but rather performance intensity.


White squares indicate instances that do not emit values for the specified metric. Black squares indicate instances considered “dead” by Infrastructure Monitoring because they do not emit values for a specified period of time. You can specify settings related to these non-emitting instances by selecting Navigator Settings from the Actions menu. When the instances begin emitting values again, the squares are recolored accordingly.

Group by 🔗

Use the Group by drop-down menu in the control bar to partition instances by the selected dimension or property. As you hover over or select the different options in the list, the instances immediately rearrange themselves in the navigator. This feature allows you to do a hierarchical grouping of up to two levels.

In some cases, you may see an option titled “n/a” in the drop-down menu. This group contains instances that don’t have a value for the Group‑by dimension or property you specify.

When you specify a Group‑by field, you can click a group name to filter the navigator to only show the instances in that group. The breadcrumb trail updates to indicate your selected group.

Find outliers 🔗

Apply outlier detection to identify instance outliers in your data. Outliers are denoted by the color red based on values of the Color by metric.

Outlier detection can be determined by one of two strategies that are common in data analysis:

  • Deviation from population mean

    Highlight instances with values significantly above the average value of other instances. This strategy tends to highlight only those instances with the most extreme values, and generally provides meaningful results only when you have a large number of instances (15 or more).

  • Deviation from the population median

    Highlight instances with values significantly above the median value of other instances. If there are relatively small differences in value among the majority of instances, this strategy tends to highlight any instance which is not part of this majority.

For example, if instances are grouped by the service that they are running, colored by cpu.utilization, and outlier detection is enabled, then instances that use significantly more CPU than their others are highlighted in red. You can then investigate those specific instances to determine why they are behaving differently.

While both outlier strategies highlight instances that are behaving differently from others, if the population has two groups of outliers (e.g. most instances are running at 20% CPU utilization but there are 3 running at 60% and 1 more running at 80%), deviation from mean finds the greater outlier (instances running at 80%), while the deviation from median can typically identify both groups. You can always switch from one strategy to another to choose the one that works best for your specific environment.

The Find Outliers feature also provides a population selector that allows you to restrict the comparison population to only those instances that have similar characteristics (as defined by the Group By dimension). For example, you might not want to compare a server against others that are running different software. It is more relevant to determine outliers among servers providing the same service. Grouping instances by the service that they run and using that as your population basis ensures that instances are compared only with their peers to determine if they behave abnormally.