Use navigators in Splunk Infrastructure Monitoring
A navigator gives each square a color that represents the relative value of the metric you select from the Color by drop-down menu. The colors range from low values (lighter colors) to high values (darker colors). You can’t change the default colors for each Color‑by option and the navigator automatically sets the value range for each color.
For information on customizing the content and format of the navigator, including filtering, grouping, and more, see Customize navigator display.
The format and content displayed in the navigator for AWS Lambda is different from what is discussed below. For more information, see Using the Infrastructure Navigator for AWS Lambda.
Drill down
When you hover over a square in a navigator, you can see the information about the instance represented by the square. Click a square to drill down into that instance.
For example, if you click a square representing a host instance, you can see system metrics in the built-in dashboard with charts. The Properties sidebar shows various properties of the host, the processes running on the host, and so on.
The color or statistics for an element may change as you drill down or click through your system. This is because the information might be refreshed between the time you begin navigating and the time a target element is displayed.
As you drill down into a single instance, you can use the breadcrumb trail to switch to the drilldown view of another instance or to return to the navigator view.
Display related resources or views
In the drilldown view of a host instance, available related resources show up in a navigation menu at the bottom.
Related resources and views are currently only available for host instances.
You can click on available related resources that navigate to other Splunk Observability Cloud components, or other views of the same host in a different context.
The following example shows you how to navigate from the drilldown view of a single host to Splunk Log Observer view and back:
Select Navigation menu > Infrastructure.
Select Hosts under My Data Center.
Click a square to select a host instance you want to drill down into. For instance, you want to look into the details of a host named ip-10-0-3-92.us-west-2.compute.internal.
Once you are in the drilldown view for ip-10-0-3-92.us-west-2.compute.internal, you can navigate to Splunk Log Observer to see all logs for the same host by clicking Logs for host ip-10-0-3-92.us-west-2.compute.internal on the related resources navigation menu.
If you click on any log on the list, the related resources navigation menu shows up. To navigate back to the drilldown view for the same host instance, click Host called ip-10-0-3-92.us-west-2.compute.internal on the related resources navigation menu.
Use the Dashboard section
The Dashboard section in each navigator provides access to detailed information about the instances displayed.
For more detail on the Dashboard section, see Built-in dashboards.
Amazon EC2, GCP Compute Engine, and Azure Virtual Machines instances are powered by their respective public cloud service as well as Splunk OpenTelemetry Connector. You need both for all the charts to display data in the built-in dashboards.
If you have only the public cloud service and the Smart Agent configured, some charts in the built-in dashboards for Amazon EC2, GCP Compute Engine, and Azure Virtual Machines instances display no data.
If you have only the public cloud service configured, you can see all the cards representing the services that the data comes from, but some charts in the built-in dashboards for Amazon EC2, GCP Compute Engine, and Azure Virtual Machines instances display no data.
If you have only Smart Agent configured, Amazon EC2, GCP Compute Engine, and Azure Virtual Machines instance navigators aren’t available.
Customize navigator display
The control bar within each navigator lets you modify which instances are shown, how they are grouped, which metric you are focusing on, and so on.
Add filter
Click Add Filter to create a filter and view a specific slice of your environment based on dimensions or properties you specify. Filtering is particularly useful for viewing just the instances running a specific service, or in a particular availability zone.
Customize time range
By default, you see data from the last 3 hours. You can use the time picker to choose a new time range. When you select a new time range, the navigator updates to show the status of instances during that time.
If the time between the end and start dates of your selected time range is more than 7 days, the navigator might take longer to respond.
Color by
Use the Color by drop-down menu in the control bar to specify the metric you want to use to color the squares. Square color values vary depending on which Color‑by criteria you choose.
For example, if you select CPU Utilization, colors range from green (lowest 20% of values among all instances) to red (highest 20% of values among all instances). For many metrics, red doesn’t necessarily indicate a problem situation but rather performance intensity.
White squares indicate instances that do not emit values for the specified metric. Black squares indicate instances considered “dead” by Infrastructure Monitoring because they do not emit values for a specified period of time. You can specify settings related to these non-emitting instances by selecting Navigator Settings from the Actions menu. When the instances begin emitting values again, the squares are recolored accordingly.
Group by
Use the Group by drop-down menu in the control bar to partition instances by the selected dimension or property. As you hover over or select the different options in the list, the instances immediately rearrange themselves in the navigator. This feature allows you to do a hierarchical grouping of up to two levels.
In some cases, you may see an option titled “n/a” in the drop-down menu. This group contains instances that don’t have a value for the Group‑by dimension or property you specify.
When you specify a Group‑by field, you can click a group name to filter the navigator to only show the instances in that group. The breadcrumb trail updates to indicate your selected group.
Find outliers
Apply outlier detection to identify instance outliers in your data. Outliers are denoted by the color red based on values of the Color by metric.
Outlier detection uses one of two strategies that are common in data analysis:
Deviation from population mean
Highlight instances with values significantly above the average value of other instances. This strategy tends to highlight only those instances with the most extreme values, and generally provides meaningful results only when you have a large number of instances (15 or more).
Deviation from the population median
Highlight instances with values significantly above the median value of other instances. If there are relatively small differences in value among the majority of instances, this strategy tends to highlight any instance which is not part of this majority.
For example, if instances are grouped by the service that they are running, colored by cpu.utilization, and outlier detection is enabled, then instances that use significantly more CPU than the others are highlighted in red. You can then investigate those specific instances to determine why they are behaving differently.
While both outlier strategies highlight instances that are behaving differently from others, if the population has two groups of outliers (e.g. most instances are running at 20% CPU utilization but there are 3 running at 60% and 1 more running at 80%), deviation from mean finds the greater outlier (instances running at 80%), while the deviation from median can typically identify both groups. You can always switch from one strategy to another to choose the one that works best for your specific environment.
The Find Outliers feature also provides a population selector that allows you to restrict the comparison population to only those instances that have similar characteristics (as defined by the Group By dimension). For example, you might not want to compare a server against others that are running different software. It is more relevant to determine outliers among servers providing the same service. Grouping instances by the service that they run and using that as your population basis ensures that instances are compared only with their peers to determine if they behave abnormally.
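The following added example (not Splunk's implementation) works through the two strategies and the population selector on a constructed sample matching the scenario above: most instances near 20% CPU, three at 60%, and one at 80%. The threshold factor K, the 1.4826 MAD scaling, the instance names, and the second "batch" service are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, median, pstdev

K = 2.0  # assumed sensitivity; the page does not state the product's thresholds

def mean_outliers(cpu, k=K):
    """Instances above mean + k * standard deviation of the population."""
    vals = list(cpu.values())
    limit = mean(vals) + k * pstdev(vals)
    return {name for name, v in cpu.items() if v > limit}

def median_outliers(cpu, k=K):
    """Instances above median + k * MAD (scaled by 1.4826 to match a std dev)."""
    vals = list(cpu.values())
    med = median(vals)
    mad = median(abs(v - med) for v in vals)
    limit = med + k * 1.4826 * mad
    return {name for name, v in cpu.items() if v > limit}

def outliers_by_group(services, cpu, strategy):
    """Run a strategy inside each Group By population instead of globally."""
    groups = defaultdict(dict)
    for name, value in cpu.items():
        groups[services[name]][name] = value
    return set().union(*(strategy(members) for members in groups.values()))

# Constructed sample: most instances near 20%, three at 60%, one at 80%
WEB = dict(zip((f"web-{i:02d}" for i in range(20)),
               [18, 18, 19, 19, 19, 20, 20, 20, 20, 20,
                20, 21, 21, 21, 22, 22, 60, 60, 60, 80]))
# Constructed second service whose normal load is high
BATCH = dict(zip((f"batch-{i}" for i in range(8)),
                 [70, 72, 74, 75, 75, 76, 78, 80]))
CPU = {**WEB, **BATCH}
SERVICES = {name: name.split("-")[0] for name in CPU}

if __name__ == "__main__":
    print("mean, web only:   ", sorted(mean_outliers(WEB)))
    print("median, web only: ", sorted(median_outliers(WEB)))
    print("median, all hosts:", sorted(median_outliers(CPU)))
    print("median, per group:",
          sorted(outliers_by_group(SERVICES, CPU, median_outliers)))
```

Compared against all hosts, every batch instance is flagged simply because that service normally runs hot; compared per group, only the four web instances that differ from their peers remain.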