Splunk Observability Cloudの組織のメトリクスを表示する 🔗
Splunk Observability Cloudは具体的なメトリクスを提供するため、組織のプラットフォームの使用状況を測定することができます。
組織のメトリクスには以下が含まれます:
取り込みのメトリクス:送信したデータポイントの数など、Infrastructure Monitoringに送信しているデータを測定します。
アプリ使用状況のメトリクス:組織内のダッシュボードの数など、アプリケーション機能の使用状況を測定します。
インテグレーションのメトリクス:AWS CloudWatch APIへのコール数など、組織と統合されたクラウドサービスの使用状況を測定します。
リソースのメトリクス:作成したカスタムメトリック時系列(MTS)の数など、制限を指定できるリソースの使用状況を測定します。
これらのメトリクスの使用について料金は発生しません。また、これらは システムの制限 にカウントされません。
組織のメトリクスへのアクセス 🔗
管理者の場合は、「組織の概要」ページの組み込みチャートでこれらのメトリクスの一部を表示できます。すべてのユーザーは、カスタムチャートでこれらのメトリクスを表示できます。
「組織の概要」ページにアクセスするには、以下の手順に従ってください:
Splunk Observability Cloud にログインします。
左側のナビで、設定 を選択し、組織の概要 を選択します。
表示したいメトリクスのタブを選択します:
エンゲージメント:ユーザーと、ユーザーが作成したチャート、ディテクター、ダッシュボード、ダッシュボードグループ、チームに関するメトリクス。
APMエンタイトルメント:APMのトラブルシューティング用。
APMのスロットリング;組織内のスロットリングと制限を追跡するメトリクスを強調表示するチャート。
IMエンタイトルメント:IMのトラブルシューティング用。
IMシステム制限:組織内のシステム制限の使用状況を追跡するメトリクスを特定するチャート。
IMのスロットリング;組織内のスロットリングと制限を追跡するメトリクスを強調表示するチャート。
クラウドインテグレーション:クラウドプロバイダーAPIからのテレメトリ収集を制限する可能性のあるエラーとスロットリングを追跡するメトリクスを強調表示するチャート。
組織のメトリクスの解釈と活用 🔗
このセクションでは、使用状況に関するメトリクスの解釈と活用に役立つヒントを提供します。
データ制限、データスロットリング、データフィルタリング 🔗
システム制限を追跡するメトリクス および データのスロットリングを追跡するメトリクス で説明されているように、ご利用のプランのエンタイトルメントまたはシステムの制限を超えた場合、データは、制限またはスロットリングされます。
また、データはプラットフォームからフィルタリングされ、特定の組織メトリクス値 で追跡することができます:
データは、SignalFxエクスポーター など、特定のコンポーネントで自動的にフィルタリングすることができます。
無効なデータもプラットフォームに到達するとフィルタリングされます。例えば、メトリクス名や値がないデータポイントは無効であり、除外されます。トレースやスパンIDのないスパンも同様です。
gross と num のメトリクス値の比較 🔗
メトリクスの中には、 gross 値と num 値をレポートするものがあります。メトリクスの gross と num の値を比較して、システムがデータを制限またはフィルタリングしているかどうかを確認します。
grossメトリクスは、スロットリングやフィルタリングが作動する前にシステムが受信するデータポイントの総数をレポートします。numメトリクスは、システムがスロットリングまたはフィルタリングを完了した後に受信するデータポイントの総数をレポートします。
システム制限を追跡するメトリクス 🔗
これらのメトリクスは、Infrastructure Monitoringが組織に課す制限を追跡します。これらの制限を超えると、データが除外されることがあります。
sf.org.limit.activeTimeSeries(ゲージ):過去25時間の移動窓内で、組織が持つことができるアクティブなMTSの最大数。この制限を超えると、Infrastructure Monitoringは新しいMTSのデータポイントの受け入れを停止しますが、既存のMTSのデータポイントの受け入れは継続します。この制限に対する使用状況を監視するには、sf.org.numActiveTimeSeriesのメトリクスを使用します。sf.org.limit.containers(gauge): Maximum number of containers that can send data to your organization. This limit is higher than your contractual limit to allow for burst and overage usage. If you exceed this limit, Infrastructure Monitoring drops data points from new containers but keeps accepting data points for existing containers. To monitor your usage against the limit, use the metricsf.org.numResourcesMonitoredand filter for the dimensionresourceType:containers.sf.org.limit.computationsPerMinute(ゲージ):1分あたりのSignalFlowの最大計算回数。sf.org.limit.customMetricMaxLimit(ゲージ):過去60分間の移動窓内で、組織にデータを送信できるアクティブなカスタムMTSの最大数。この制限を超えると、Infrastructure Monitoringは、制限を超えたカスタムMTSのデータポイント を除外しますが、すでに存在していたカスタムMTSのデータポイントの受け入れは継続します。sf.org.numCustomMetricsで定義したカスタムメトリクスを参照してください。カスタムMTSの詳細は、カスタムメトリクスとバンドルメトリクスについて を参照してください。
sf.org.limit.customMetricTimeSeries(ゲージ):アクティブなカスタムMTSの最大数。sf.org.limit.detector(ゲージ):組織に使用できるディテクターの最大数。この上限に達すると、新しいディテクターを作成できなくなります。作成するディテクターの数を監視するには、sf.org.num.detectorのメトリクスを使用します。sf.org.limit.eventsPerMinute(ゲージ):1分あたりの受信イベントの最大数。sf.org.limit.hosts(ゲージ):組織にデータを送信できるホストの最大数。この制限は、バーストおよび超過使用を許容するために、契約上の上限よりも高く設定されています。この制限を超えると、Infrastructure Monitoringは新しいホストからのデータポイントを除外しますが、既存のホストのデータポイントの受け入れは継続します。この制限に対する使用状況を監視するには、sf.org.numResourcesMonitoredメトリクスとresourceType:hostsディメンションのフィルターを使用します。sf.org.limit.metricTimeSeriesCreatedPerMinute(ゲージ):組織での新規MTS作成の最大レート。1分あたりのMTSで測定されます。このレートを超えると、Infrastructure Monitoringは新しいMTSのデータポイントの受け入れを停止しますが、既存のMTSのデータポイントの受け入れは継続します。作成したメトリクスの総数を監視するには、sf.org.numMetricTimeSeriesCreatedのメトリクスを使用します。
データのスロットリングを追跡するメトリクス 🔗
前のセクションで説明したように、特定のシステム制限は、「上限」、つまりSplunk Observability Cloudで許可される要素の最大数として機能します。ただし、プラットフォームはデータ取り込みのペースも制限しています。レートの制限を超えた場合、Splunk Observability Cloudは、送信されて来るデータをスロットリング(減速)する可能性があります。
名前に limit または limited が含まれる組織のメトリクスは、量の上限に達していることを示しますが、throttled が含まれるメトリクス(たとえば、sf.org.numThrottledMetricTimeSeriesCreateCalls )は、レート/時間の上限に達していることを示し、したがって、1分あたりのデータポイント数を超えて送信することができなくなります。
詳細は、製品別のシステム制限 を参照してください
トークン別の値のメトリクス 🔗
Infrastructure Monitoringが2つの類似したメトリクスを持つ場合があります:
1つのメトリクスは、
sf.org.numAddDatapointCallsのように、組織全体の合計を表します。これに類似したメトリクス、
sf.org.numAddDatapointCallsByTokenは、使用される一意のアクセストークンごとの合計を表します。
測定において、すべてのトークン別メトリクス値の合計が、合計値メトリクスの値より小さくなる場合があります。たとえば、すべての sf.org.numAddDatapointCallsByToken 値の合計が、sf.org.numAddDatapointCalls の値より小さくなる場合があります。この合計に差が生じるのは、Infrastructure Monitoringが、統合されたクラウドサービスからのデータの取得にトークンを使用しないためです。Infrastructure Monitoringは、統合されたサービスのデータポイントのコール数をカウントしますが、特定のトークンのコール数をカウントする方法は持っていません。
AWS CloudWatch、GCP StackDriver、AppDynamicsについて、この値の差が発生します。
各メトリクスタイプに対して値を持つメトリクス 🔗
一部のメトリクスは、メトリクスのタイプ(カウンター、累積カウンター、ゲージ)ごとに値を持つため、メトリクスごとに3つのMTSがあります。各MTSには、COUNTER、CUMULATIVE_COUNTER、または GAUGE の値を持つ category というディメンションがあります。これらのメトリクスは複数のMTSを持つ可能性があるため、sum() のSignalFlow関数を使用して合計値を確認する必要があります。
例えば、sf.org.numMetricTimeSeriesCreated について3つのMTSを受け取る可能性があります。カウンターであるMTSの数に対して1つ、累積カウンターであるMTSの数に対して1つ、ゲージであるMTSの数に対して1つです。
また、category を単一の値でフィルタリングして(例: GAUGE )、そのタイプのメトリクスだけを表示することもできます。
停止したディテクターをカウントするメトリクス 🔗
sf.org.numDetectorsAborted のメトリクスは、ディテクターがリソース制限に達したためにInfrastructure Monitoringが停止させたディテクターの数を監視します。大部分は、ディテクターが250K MTSの制限を超えた場合です。この条件はまた、ディテクターID、停止の理由、およびMTSまたはデータポイントの値または制限(ディテクターが停止した原因となったいずれか)の詳細を記録するイベント sf.org.abortedDetectors も生成します。
詳細については、イベントを使用してメトリクスにコンテキストを追加する を参照してください。
クラウド認証エラーのメトリクス 🔗
ロールを編集してクラウドサービスに対するユーザーの権限を削除すると、クラウドサービスプロバイダーからの認証エラーが発生する場合があります。この場合、Splunk Observability Cloudのインテグレーションは正しく動作せず、ご利用のサービスからデータとメタデータを収集できません。
Splunk Observability Cloudには、認証エラーを追跡するための以下のメトリクスがあります:
sf.org.num.awsServiceAuthErrorCountsf.org.num.gcpServiceAuthErrorCountsf.org.num.azureServiceAuthErrorCount
これらのエラーが発生した場合は、Splunk Observability Cloudがデータを取得できるようにするため、ロールまたはトークンを修正する必要があります。
ダッシュボード で、これらのエラーを使用して、この問題が発生しているかどうかを検出することができます。
子組織のメトリクス 🔗
親組織に関連する子組織がある場合、子組織のメトリクスもSplunk Observability Cloudに追加されます。これらは、同等の親組織のメトリクスと同じ値を表し、child プレフィックスで識別することができます。
例えば、sf.org.child.numCustomMetrics は、Splunk Observability Cloudがこの子組織について監視しているカスタムメトリクスの数を表します。これは、sf.org.numCustomMetrics が親組織について監視されているカスタムメトリクスの数を表すのと同様です。
組織のメトリクスのリスト 🔗
メトリクスファインダー を使用して、組織のメトリクスを検索します。
Splunk Observability Cloudは、以下の組織メトリクスを提供しています:
| Name | Description | Type |
|---|---|---|
sf.org.apm.grossContentBytesReceived | The volume of bytes Splunk APM receives off the wire before discarding invalid and throttled spans. This content could be compressed.
| counter |
sf.org.apm.grossSpanBytesReceived | The number of bytes Splunk APM receives from spans after decompression but before discarding invalid and throttled spans.
| counter |
sf.org.apm.grossSpanBytesReceivedByToken | The number of bytes Splunk APM receives for a specific access token from ingested span data after decompression but before discarding invalid and throttled spans.
| counter |
sf.org.apm.grossSpansReceived | The number of spans Splunk APM received before discarding invalid and throttled spans.
| counter |
sf.org.apm.ingestLatency.duration.ns.min | The minimum duration of the ingest latency in Splunk APM.
| gauge |
sf.org.apm.limit.monitoringMetricSets | The ingested Metric Set data limit in Splunk APM. | gauge |
sf.org.apm.limit.spanBytes | The ingested span data limit in Splunk APM. | gauge |
sf.org.apm.limit.troubleshootingMetricSets | The limit for troubleshooting Metric Sets in Splunk APM. | gauge |
sf.org.apm.numAddSpansCalls | The number of calls to the
| counter |
sf.org.apm.numAddSpansCallsByToken | The number of calls to the
| counter |
sf.org.apm.numContainers | The number of containers actively sending data to Splunk APM.
| gauge |
sf.org.apm.numHosts | The number of hosts that are actively sending data to Splunk APM.
| gauge |
sf.org.apm.numSpanBytesReceived | The number of bytes Splunk APM accepts from ingested span data after decompression and discarding invalid and throttled spans.
| counter |
sf.org.apm.numSpanBytesReceivedByToken | The number of bytes Splunk APM accepts for a specific access token for a span after decompression and discarding invalid and throttled spans.
| counter |
sf.org.apm.numSpansDroppedBlocked | The number of spans that APM was unable to process or has dropped. A span can be dropped for the following reasons:
| counter |
sf.org.apm.numSpansDroppedBlockedByToken | The number of spans for a specific token that APM was unable to process or has dropped. A span can be dropped for the following reasons:
| counter |
sf.org.apm.numSpansDroppedInvalid | The number of invalid spans Splunk APM receives. A span can be invalid for the following reasons:
| counter |
sf.org.apm.numSpansDroppedInvalidByToken | The number of invalid spans Splunk APM receives for a specific access token. A span can be invalid for the following reasons:
| counter |
sf.org.apm.numSpansDroppedOversize | This metric is deprecated. See The number of spans Splunk APM receives that are too large to process.
| counter |
sf.org.apm.numSpansDroppedOversizeByToken | This metric is deprecated. See The number of spans Splunk APM receives that are too large to process for a specific access token.
| counter |
sf.org.apm.numSpansDroppedThrottle | The number of spans Splunk APM dropped after you exceeded the allowed ingest volume. Splunk APM drops spans it receives after the ingestion volume limit is reached.
| counter |
sf.org.apm.numSpansDroppedThrottleByToken | The number of spans Splunk APM received for a specific access token beyond the allowed ingest volume. Splunk APM drops spans it receives after the ingestion volume limit is reached.
| counter |
sf.org.apm.numSpansReceived | The number of spans Splunk APM accepts after discarding invalid and throttled spans.
| counter |
sf.org.apm.numSpansReceivedByToken | The number of spans Splunk APM received for a specific access token after discarding invalid and throttled spans.
| counter |
sf.org.apm.grossSpansReceivedByToken | The number of spans Splunk APM receives for a specific access token before discarding invalid and throttled spans.
| counter |
sf.org.apm.subscription.containers | The entitlement for the number of containers for your subscription plan.
| gauge |
sf.org.apm.subscription.hosts | The entitlement for the number of hosts for your subscription plan.
| gauge |
sf.org.apm.subscription.monitoringMetricSets | The entitlement for the number of Monitoring MetricSets as part of your subscription plan.
| gauge |
sf.org.apm.subscription.spanBytes | The entitlement for the number of bytes per minutes for your subscription plan.
| gauge |
sf.org.apm.subscription.traces | The entitlement for the number of traces analyzed per minute (TAPM) as part of your subscription plan.
| gauge |
sf.org.apm.subscription.troubleshootingMetricSets | The entitlement for the number of Troubleshooting MetricSets as part of your subscription plan.
| gauge |
sf.org.apm.numTracesReceived | The number of traces Splunk APM receives and processes.
| counter |
sf.org.apm.numTroubleshootingMetricSets10s | The cardinality of Troubleshooting MetricSets (TMS) for each 10-second window.
| gauge |
sf.org.apm.numTroubleshootingMetricSets | The cardinality of Troubleshooting MetricSets (TMS) for each 1-minute time window.
| counter |
sf.org.apm.numMonitoringMetricSets | The cardinality of histogram Monitoring MetricSets (MMS) for each 10-minute time window.
| counter |
sf.org.apm.numContentBytesReceived | The volume of bytes Splunk APM accepts off the wire discarding invalid and throttled spans. This content could be compressed.
| counter |
sf.org.apm.grossContentBytesReceivedByToken | The volume of bytes Splunk APM receives off the wire for a specific access token before discarding invalid and throttled spans. This content could be compressed.
| counter |
sf.org.apm.numContentBytesReceivedByToken | The volume of bytes Splunk APM accepts off the wire for a specific access token after discarding invalid and throttled spans. This content could be compressed.
| counter |
sf.org.abortedDetectors | Contains the detectorID and reason for abort with the value/limit of MTS, or data points, whichever caused the detector to stop | cumulative |
sf.org.cloud.grossDpmContentBytesReceived | Number of content bytes received, but not necessarily admitted, for Cloud services
| counter |
sf.org.datapointsTotalCountByToken | Total datapoints by token
| counter |
sf.org.datainventory.datapointsAdded | Number of data points retrieved from the AWS integration
| count |
sf.org.datainventory.latestTimestamp | Timestamp of the last data point retrieved from an integration
| gauge |
sf.org.datainventory.mtses | Number of Metric Time Series retrieved from an AWS integration. It’s only generated when AWS metrics are polled, and is not available with Metric Streams
| gauge |
sf.org.datainventory.resources | Number of AWS resources polled by an AWS integration. It's only generated when AWS metrics are polled, and is not available with Metric Streams
| gauge |
sf.org.grossDatapointsReceived | Number of data points received, but not necessarily admitted. | cumulative |
sf.org.grossDatapointsReceivedByToken | Number of data points receuved, but not necessarily admitted, per token. | cumulative |
sf.org.grossDpmContentBytesReceived | Number of content bytes received, but not necessarily admitted. | counter |
sf.org.limit.activeTimeSeries | Maximum number of active MTS, within a moving window of the past 25 hours,
that your organization can have. If you exceed this limit, Infrastructure Monitoring stops accepting data points for
new MTS, but continues to accept data points for existing MTS. To monitor your usage against the limit,
use the The number of active MTS is the total number of MTS that have received at least one data point within a moving window of the last 25 hours. | gauge |
sf.org.limit.containers | Maximum number of containers that can send data to your
organization. This limit is higher than your contractual limit to allow for burst and overage usage.
If you exceed this limit, Infrastructure Monitoring drops datapoints from new containers but keeps
accepting data points for existing containers. To monitor your usage against the limit, use the metric
| gauge |
sf.org.limit.customMetricTimeSeries | Maximum number of active custom MTS, within a moving window of the
previous 60 minutes, that you're allowed to have in your organization. If you exceed this limit,
Infrastructure Monitoring stops accepting data points for new custom MTS, but it continues to accept
data points for custom MTS that already existed. To see the number of MTS you're allowed to have, use the metric
| gauge |
sf.org.limit.detector | Maximum number of detectors you can use for your organization. After you reach this limit,
you can't create more new detectors.
To monitor the number of detectors you create,
use the metric | gauge |
sf.org.limit.hosts | Maximum number of hosts that can send data to your organization.
This limit is higher than your contractual limit to allow for burst and overage usage.
If you exceed this limit, Infrastructure Monitoring drops data points from new hosts but
keeps accepting data points for existing hosts. To monitor your usage against the limit, use the metric
| gauge |
sf.org.limit.metricTimeSeriesCreatedPerMinute | Maximum rate at which you can create new MTS
in your organization, measured in MTS per minute. If you exceed this rate,
Infrastructure Monitoring stops accepting data points for new MTS, but continues to accept data points for existing MTS.
To monitor the number of metrics you've created overall, use the metric | gauge |
sf.org.log.grossContentBytesReceived | The volume of bytes Splunk Log Observer receives from ingesting logs off the wire before filtering and throttling. This content can be compressed.
| counter |
sf.org.log.grossContentBytesReceivedByToken | The volume of bytes Splunk Log Observer receives from ingesting logs off the wire for a specific access token after filtering and throttling. This content can be compressed.
| counter |
sf.org.log.grossMessageBytesReceived | The number of bytes Splunk Log Observer receives from ingested logs after decompression but before filtering and throttling are complete.
| counter |
sf.org.log.grossMessageBytesReceivedByToken | The number of bytes received by Splunk Log Observer for a specific access token from ingested logs after decompression but before filtering and throttling are complete.
| counter |
sf.org.log.grossMessagesReceived | The total number of log messages Splunk Log Observer receives before filtering and throttling.
| counter |
sf.org.log.grossMessagesReceivedByToken | The total number of log messages Splunk Log Observer receives for a specific access token before filtering and throttling.
| counter |
sf.org.log.numContentBytesReceived | The volume of bytes Splunk Log Observer receives from ingesting logs off the wire after filtering and throttling. This content can be compressed.
| counter |
sf.org.log.numContentBytesReceivedByToken | The volume of bytes Splunk Log Observer receives from ingesting logs off the wire for a specific access token after filtering and throttling. This content can be compressed.
| counter |
sf.org.log.numLogsDroppedIndexThrottle | The number of logs Splunk Log Observer drops after the organization's allowed logs index limit threshold is met.
| counter |
sf.org.log.numMessageBytesReceived | The number of bytes Splunk Log Observer receives from ingested logs after decompression, filtering, and throttling are complete.
| counter |
sf.org.log.numMessageBytesReceivedByToken | The number of bytes Splunk Log Observer receives for a specific access token from ingested logs after decompression, filtering, and throttling are complete.
| counter |
sf.org.log.numMessagesDroppedThrottle | The number of log messages Splunk Log Observer drops after the allowed ingest volume is exceeded. Splunk Log Observer drops messages it receives after the ingestion volume is reached.
| counter |
sf.org.log.numMessagesDroppedOversize | The number of log messages Splunk Log Observer receives that are too large to process.
| counter |
sf.org.log.numMessagesDroppedOversizeByToken | The number of log messages Splunk Log Observer receives that are too large to process for a specific access token.
| counter |
sf.org.log.numMessagesDroppedThrottleByToken | The number of log messages Splunk Log Observer drops for a specific access token after the allowed ingest volume is exceeded. Splunk Log Observer drops messages it receives after the ingestion volume is reached.
| counter |
sf.org.log.numMessagesReceived | The total number of log messages Splunk Log Observer accepts after filtering and throttling.
| counter |
sf.org.log.numMessagesReceivedByToken | The total number of log messages Splunk Log Observer accepts for a specific access token after filtering and throttling.
| counter |
sf.org.log.numMessageBytesIndexed | Bytes of data stored in the Log Observer index after applying pipeline management rules.
| counter |
sf.org.num.alertmuting | Total number of alert muting rules; includes rules currently in effect and rules not currently in effect (e.g. scheduled muting rules).
| gauge |
sf.org.num.awsServiceAuthErrorCount | Total number authentication errors thrown by AWS services.
| gauge |
sf.org.num.awsServiceCallCount | Total number of calls made to the Amazon API.
| gauge |
sf.org.num.awsServiceCallCountExceptions | Number of calls made to the Amazon API that threw exceptions.
| gauge |
sf.org.num.awsServiceCallThrottles | Number of calls made to the Amazon API that are being throttled by AWS because you have exceeded your AWS API Call limits.
| gauge |
sf.org.num.azureServiceClientCallCount | Total number of calls made to the Azure API.
| counter |
sf.org.num.azureServiceClientCallCountErrors | Number of calls to Azure API that threw errors.
| counter |
sf.org.num.azureServiceClientCallCountThrottles | Number of calls to Azure API that were throttled.
| counter |
sf.org.num.chart | Total number of charts; includes any charts created using the Infrastructure Monitoring API but not associated with a dashboard.
| gauge |
sf.org.num.credentials | Total number of integrations that have been configured with credentials in Infrastructure Monitoring, for the purpose of retrieving metrics (example: AWS Cloudwatch) or sending alerts (example: PagerDuty).
| gauge |
sf.org.num.crosslink | Total number of crosslinks.
| gauge |
sf.org.num.dashboard | Total number of dashboards; includes all user, custom, and built-in dashboards
| gauge |
sf.org.num.detector | Total number of detectors; includes detectors that are muted.
| gauge |
sf.org.numDetectorsAborted | Number of detector jobs stopped because they reached a resource limit (usually MTS limit).
| counter |
sf.org.num.detectortemplate | Number of detector templates. | cumulative |
sf.org.num.dimension | Number of unique dimensions across all time series.
| gauge |
sf.org.num.eventtimeseries | Number of event time series (ETS) available to be visualized in charts and detectors.
| gauge |
sf.org.num.eventtype | Number of unique event types across all ETS.
| gauge |
sf.org.num.gcpServiceClientCallCount | Number of calls to each GCP API client method.
| counter |
sf.org.num.gcpServiceClientCallCountErrors | Number of calls to each GCP API client method that threw errors.
| counter |
sf.org.num.gcpServiceClientCallCountThrottles | Number of calls to each GCP API client method that were throttled.
| counter |
sf.org.num.metric | Number of unique metrics across all MTS.
| gauge |
sf.org.num.metrictimeseries | Number of metric time series (MTS) available to be visualized in charts and detectors.
| gauge |
sf.org.num.migrationmarker | Number of migration markers. | gauge |
sf.org.num.mutingactive | Number of active muting rules | gauge |
sf.org.num.namedtoken | Number of organization access tokens, including disabled tokens.
| gauge |
sf.org.num.navigator | Number of options available in the sidebar in the Infrastructure Navigator.
| gauge |
sf.org.num.notifications | Number of notifications. | cumulative |
sf.org.num.orgpreference | Number of org preferences. | null |
sf.org.num.orguser | Total number of members and admins associated with an organization; includes invited users who have not yet logged in.
| gauge |
sf.org.num.page | Total number of dashboard groups; includes user, custom, and built-in dashboard groups.
| gauge |
sf.org.num.property | Number of properties; includes only properties you have created, not
dimensions. For the latter, use
| gauge |
sf.org.num.role | Number of roles in your system.
| gauge |
sf.org.num.service | Number of services. | null |
sf.org.num.shareablesnapshot | Number of shareable snapshots. | null |
sf.org.num.source | Number of sources. | null |
sf.org.num.tag | Number of tags available for use.
| gauge |
sf.org.num.team | Number of teams in the organization.
| gauge |
sf.org.num.teammember | Number of users that are members of teams; can be greater than the total number of users. For example, if team A has 30 members and team B has 20 members, the value is 50 even if there are only 30 members in the org.
| gauge |
sf.org.numActiveTimeSeries | Total number of metric time series (MTS) currently active in the organization. The number of active MTS is the total number of MTS that have received at least one data point within a moving window of the last 25 hours. (Use
| gauge |
sf.org.numAddDatapointCalls | Number of calls to send data points to Infrastructure Monitoring.
| counter |
sf.org.numAddDatapointCallsByToken | One value per token; number of calls to send data points to Infrastructure Monitoring.
The sum of all the values might be less than the value of
| counter |
sf.org.numAddEventsCalls | Number of calls to send custom events to Infrastructure Monitoring.
| counter |
sf.org.numAddEventsCallsByToken | One value per token; number of calls to send custom events to Infrastructure Monitoring.
The sum of all the values might be less than the value of
| counter |
sf.org.numApmApiCalls | Number of calls made to APM’s public APIs.
| counter |
sf.org.numApmBundledMetrics | Number of APM Bundled Metrics for your org.
| gauge |
sf.org.numApmBundledMetricsByToken | Number of APM Bundled Metrics for your org for a specific token.
| gauge |
sf.org.numBackfillCalls | One value per metric type, each representing the number of times a
backfill API call was used to send metrics to Infrastructure Monitoring.
You can have up to three MTS for this metric;
each MTS is sent with a dimension named
| counter |
sf.org.numBackfillCallsByToken | One value per metric type per token, each representing the number
of times a backfill API call was used to send metrics to Infrastructure Monitoring.
You can have up to three MTS associated with each token; each MTS is sent with a dimension named
| counter |
sf.org.numBadDimensionMetricTimeSeriesCreateCalls | Number of calls to create MTS that have failed due to an error with dimensions.
| counter |
sf.org.numBadDimensionMetricTimeSeriesCreateCallsByToken | Number of calls to create MTS that have failed due to an error with dimensions, per token.
| counter |
sf.org.numBadMetricMetricTimeSeriesCreateCalls | Number of calls to create MTS that have failed due to an error with metrics.
| counter |
sf.org.numBadMetricMetricTimeSeriesCreateCallsByToken | Number of calls to create MTS that have failed due to an error with metrics, per token.
| counter |
sf.org.numCustomMetrics | Number of custom metrics monitored by Infrastructure Monitoring. For billing purposes, 10 archived metrics are converted to 1 real-time metric, and 1 histogram metric is converted to 8 real-time metrics.
| counter |
sf.org.numComputationsStarted | Number of SignalFlow computations, which mostly consist of chart views and detectors, started. Use this metric to know the rate at which you're starting new SignalFlow jobs.
| counter |
sf.org.numComputationsStartedByToken | One value per token. Number of SignalFlow computations, which mostly consist of chart views and detectors, started. Use this metric to know the rate at which you're starting new SignalFlow jobs.
| counter |
sf.org.numComputationsThrottled | The number of SignalFlow computations, which mostly consist of chart views and detectors, throttled because you reach the maximum number of SignalFlow jobs you can run for your organization. To learn more about this limit, see Maximum number of SignalFlow jobs per organization.
| counter |
sf.org.numComputationsThrottledByToken | One value per token. The number of computations, which mostly consist of chart views and detectors, throttled because you reach the maximum number of SignalFlow jobs you can run for your organization. To learn more about this limit, see Maximum number of SignalFlow jobs per organization.
| counter |
sf.org.numCustomMetricsByToken | One value per token; number of custom metrics monitored by Splunk Observability Cloud. For billing purposes, 10 archived metrics are converted to 1 real-time metric, and 1 histogram metric is converted to 8 real-time metrics. The sum of all the values might be less than the value of
| counter |
sf.org.numDatapointsBackfilled | One value per metric type, each representing the number of data points
that were sent using a backfill API.
You can have up to three MTS for this metric; each MTS is sent with a dimension
named
| counter |
sf.org.numDatapointsBackfilledByToken | One value per metric type per token, each representing the number
of data points that were sent using a backfill API.
You can have up to three MTS for this metric; each MTS is sent with a dimension
named
| counter |
sf.org.numDatapointsDroppedBatchSize | Number of data points dropped because a single request contained more than 100,000 data points. In this scenario, Observability Cloud drops data points because it perceives sending more than 100,000 data points in a single request as excessive.
| counter |
sf.org.numDatapointsDroppedBatchSizeByToken | Number of data points dropped because a single request contained more than 100,000 data points, per token. In this scenario, Observability Cloud drops data points because it perceives sending more than 100,000 data points in a single request as excessive.
| counter |
sf.org.numDatapointsDroppedExceededQuota | Total number of new data points you sent to Infrastructure Monitoring but that Infrastructure Monitoring didn't accept, because your organization exceeded its subscription limit. To learn more, see Exceeding your system limits.
| counter |
sf.org.numDatapointsDroppedExceededQuotaByToken | One value per token; number of new data points you sent to Infrastructure Monitoring but that Infrastructure Monitoring didn't accept, because your organization exceeded its subscription limit. To learn more, see Exceeding your system limits. The sum of all the values might be less than the value of
| counter |
sf.org.numDatapointsDroppedInvalid | Number of data points dropped because they didn't follow documented guidelines for data points. For example, the metric name was too long, the metric name included unsupported characters, or the data point contained no values.
| counter |
sf.org.numDatapointsDroppedInvalidByToken | Number of data points for a specific access token that are dropped because they didn't follow documented guidelines for data points. For example, the metric name was too long, the metric name included unsupported characters, or the data point contained no values.
| counter |
sf.org.numDatapointsDroppedInTimeout | Number of data points Observability Cloud didn't attempt to create because your account was throttled or limited in the previous few seconds and creation was very unlikely to succeed.
| counter |
sf.org.numDatapointsDroppedInTimeoutByToken | Per token, number of data points Observability Cloud didn't attempt to create because your account was throttled or limited in the previous few seconds and creation was very unlikely to succeed. | null |
sf.org.numDatapointsDroppedThrottle | Total number of data points you sent to Infrastructure Monitoring that Infrastructure Monitoring
didn't accept because your organization significantly exceeded its DPM limit.
For help with this issue, reach out to support at observability-support@splunk.com.
Unlike
| counter |
sf.org.numDatapointsDroppedThrottleByToken | One value per token; number of data points you sent to Infrastructure Monitoring but
that Infrastructure Monitoring didn't accept because your organization significantly exceeded
its DPM limit. For help with this issue, reach out to support at observability-support@splunk.com.
Unlike
| counter |
sf.org.numDatapointsReceivedByMetricType | One value per metric type, each representing the number of data points that Infrastructure Monitoring received and processed. You can have up to four MTS for this metric, one for each metric type: gauge, counter, cumulative counter, and histogram. To learn more, see Metrics with values for each metric type. The sum of the values represents the total number of data points you sent to Infrastructure Monitoring minus any data points that weren't accepted because you exceeded a limit. | undefined |
sf.org.numDimensionObjectsCreated | Total number of dimensions created.
| gauge |
sf.org.numDimensionObjectsCreatedByToken | Total number of dimensions created by token. | gauge |
sf.org.numEventSearches | Number of event searches. | counter |
sf.org.numEventSearchesThrottled | Number of event searches that were throttled. | counter |
sf.org.numEventTimeSeriesCreated | Total number of event time series (ETS) created. For MTS values, see
| counter |
sf.org.numEventTimeSeriesCreatedByToken | One value per token; number of event time series (ETS) created. For
MTS values, see
| counter |
sf.org.numEventsDroppedThrottle | Number of custom events you sent to Infrastructure Monitoring but that Infrastructure Monitoring didn't accept, because your organization exceeded its per-minute limit.
| counter |
sf.org.numEventsDroppedThrottleByToken | For each token, this is the number of custom events you sent to Infrastructure Monitoring
but that Infrastructure Monitoring didn't accept, because your organization significantly exceeded
its per-minute limit.
The sum of all the values might be less than the value of
| counter |
sf.org.numEventsReceived | Number of events received. | null |
sf.org.numEventsReceivedByToken | Number of events received, per token. | null |
sf.org.numHighResolutionMetrics | Number of high resolution metrics monitored by Infrastructure Monitoring
| counter |
sf.org.numHighResolutionMetricsByToken | For each token, this is the number of high resolution metrics monitored by
Infrastructure Monitoring.
The sum of all the values might be less than the value of
| counter |
sf.org.numHostMetaDataEventsDroppedThrottle | Number of host metadata events dropped because of throttling. | counter |
sf.org.numHostMetaDataEventsDroppedThrottleByToken | Number of host metadata events dropped because of throttling, per token. | counter |
sf.org.numInactiveTimeSeries | Total number of previously active metric time series (MTS) that are no longer active. The total number of inactive MTS is the total number of metric time series (MTS) that haven't received any data points in the last 25 hours. You can still find these MTS in Observability Cloud until they expire. The standard retention period is 13 months. Use
| gauge |
sf.org.numInvalidEventsDropped | Number of events dropped due to being invalid.
| gauge |
sf.org.numLimitedEventTimeSeriesCreateCalls | Number of event time series (ETS) that Infrastructure Monitoring was unable to create because you exceeded the maximum number of ETS allowed.
| counter |
sf.org.numLimitedEventTimeSeriesCreateCallsByToken | One value per token, each representing the number of event time series
(ETS) Infrastructure Monitoring was unable to create because you exceeded the maximum number
of ETS allowed.
The sum of all the values might be less than the value of
| counter |
sf.org.numLimitedMetricTimeSeriesCreateCalls | Number of metric time series (MTS) not created because your account reached a category limit (or subscription limit).
| counter |
sf.org.numLimitedMetricTimeSeriesCreateCallsByCategoryType | One value per metric type, each representing the number of metric
time series (MTS) not sent to Infrastructure Monitoring because you've reached your maximum limit for active
MTS, hosts, containers, custom metrics, bundled metrics, functions, high-resolution metrics,
Application Performance Monitoring (APM) metrics, or APM bundled metrics.
You can have up to three MTS for this metric; each MTS is sent with a dimension
named
| counter |
sf.org.numLimitedMetricTimeSeriesCreateCallsByCategoryTypeByToken | One value per metric type per token, each representing the number of metric
time series (MTS) not sent to Infrastructure Monitoring because you've reached your maximum limit for active
MTS, hosts, containers, custom metrics, bundled metrics, functions, high-resolution metrics,
Application Performance Monitoring (APM) metrics, or APM bundled metrics.
You can have up to three MTS for this metric; each MTS is sent with a dimension
named
| counter |
sf.org.numLimitedMetricTimeSeriesCreateCallsByToken | One value per metric type per token, each representing the number of metric time series (MTS) not sent to Infrastructure Monitoring because you've reached your maximum limit for active MTS, hosts, containers, custom metrics, bundled metrics, functions, high-resolution metrics, Application Performance Monitoring (APM) metrics, or APM bundled metrics. The number of active MTS is the total number of MTS that have received at least one data point within a moving window of the last 25 hours. You can have up to three MTS for this metric; each MTS is sent with a dimension
named
| counter |
sf.org.numLogsReceivedByToken | Number of logs received by token.
| counter |
sf.org.numMappingsAdded | Number of mappings added. | null |
sf.org.numMappingsAddedByToken | Per token, number of mappings added. | null |
sf.org.numMetadataWrites | Number of metadata writes. | null |
sf.org.numMetadataWritesByToken | Per token, number of metadata writes. | null |
sf.org.numMetadataWritesThrottled | Number of metadata writes throttled. | null |
sf.org.numMetadataWritesThrottledByToken | Number of metadata writes throttled per token. | null |
sf.org.numMetricTimeSeriesCreated | One value per metric type, each representing the number of metric time series (MTS)
created that have that type. You can have up to three MTS for this metric; each MTS
is sent with a dimension named
| counter |
sf.org.numMetricTimeSeriesCreatedByToken | One value per metric type per token, each representing the number of metric time series (MTS)
created that have that type.
You can have up to three MTS for this metric; each MTS is sent with a dimension
named
| counter |
sf.org.numMetricObjectsCreatedByToken | Number of metric objects created by token. | gauge |
sf.org.numNewDimensions | The number of new dimensions (key:value pairs) created.
| counter |
sf.org.numNewDimensionsByName | The number of new dimensions created for each unique dimension name
(key from key:value pair). Only the top 100 dimension names (by number of dimensions
created) are included, in addition to dimension name
| counter |
sf.org.numProcessDataEventsDroppedThrottleByToken | Per token, number of data ingest process events dropped due to throttling, because you exceeded your system limits.
| counter |
sf.org.numPropertyLimitedMetricTimeSeriesCreateCalls | Number of metric time series (MTS) Infrastructure Monitoring was unable to create because you reached your maximum number of unique dimension names.
| counter |
sf.org.numPropertyLimitedMetricTimeSeriesCreateCallsByToken | One value per token; number of metric time series (MTS) Infrastructure Monitoring was
unable to create because you reached your maximum number of unique dimension names.
The sum of all the values might be less than the value of
| counter |
sf.org.numResourceMetrics | Number of resource metric time series (MTS) received from host and container categories. The
| gauge |
sf.org.numResourceMetricsbyToken | Number of resource metric time series (MTS) received from host and container categories, per token. The
| gauge |
sf.org.numResourcesMonitored | Number of hosts or containers that Infrastructure Monitoring is currently monitoring.
The
| counter |
sf.org.numResourcesMonitoredByToken | One value per token; number of hosts or containers that Infrastructure Monitoring is monitoring.
This metric isn't created until a host or container starts sending a host or container metric.
The
| counter |
sf.org.numRestCalls | Number of REST calls made to the Infrastructure Monitoring API.
| counter |
sf.org.numRestCallsThrottled | Number of REST calls you made to the Infrastructure Monitoring API that were not accepted by Infrastructure Monitoring, because your organization significantly exceeded its per-minute limit.
| counter |
sf.org.numRestCallsThrottledByToken | For each token, the number of REST calls you made to the Infrastructure Monitoring
API that were not accepted by Infrastructure Monitoring because your organization significantly
exceeded its per-minute limit.
The sum of all the values might be less than the value of
| counter |
sf.org.numThrottledEventTimeSeriesCreateCalls | Total number of event time series (ETS) that Infrastructure Monitoring was unable to create, because you significantly exceeded your per-minute event creation limit.
| counter |
sf.org.numThrottledEventTimeSeriesCreateCallsByToken | For each token, the number of event time series (ETS) that Infrastructure Monitoring was
unable to create because you significantly exceeded your per-minute event creation
limit.
The sum of all the values might be less than the value of
| counter |
sf.org.numThrottledMetricTimeSeriesCreateCalls | Number of metric time series (MTS) that Infrastructure Monitoring was unable to create because you significantly exceeded your per-minute or per-hour MTS creation limit.
| counter |
sf.org.numThrottledMetricTimeSeriesCreateCallsByToken | For each token, the number of metric time series (MTS) Infrastructure Monitoring was unable to
create because your organization significantly exceeded its per-minute or per-hour
MTS creation limit.
The sum of all the values might be less than the value of
| counter |
sf.org.numUniqueNamesInNewDimensions | The number of unique dimension names (keys) created in all new dimensions
| counter |
sf.org.subscription.activeTimeSeries | Maximum number of active metric time series (MTS). The number of active MTS is the total number of MTS that have received at least one data point within a moving window of the last 25 hours.
| gauge |
sf.org.subscription.datapointsPerMinute | Maximum number of data points per minute (DPM) that Infrastructure Monitoring will process and store.
| gauge |
sf.org.subscription.containers | Number of containers included in the subscription.
| gauge |
sf.org.subscription.customMetrics | Number of custom metric time series (MTS) included in the subscription.
| gauge |
sf.org.subscription.highResolutionMetrics | Number of high resolution metric time series (MTS) included in the subscription.
| gauge |
sf.org.subscription.hosts | Number of hosts included in the subscription.
| gauge |
sf.org.subscription.function | Number of serverless functions included in the subscription.
| gauge |
sf.org.ui.num.pagevisits | Number of UI page visits. | null |
sf.org.rum.numSpansReceived | Number of spans received.
| counter |
sf.org.rum.numSpansReceivedByToken | The number of spans Splunk RUM received for a specific access token after discarding invalid and throttled spans.
| counter |
sf.org.rum.numAddSpansCalls | The number of calls to the
| counter |
sf.org.rum.numAddSpansCallsByToken | The number of calls to the
| counter |
sf.org.rum.numSpansDroppedInvalid | Number of spans dropped because they were invalid. Some of the reasons that spans are invalid are: spans are too large, missing required tags and invalid Trace IDs. Look through the reason column in the data table to see details for specific spans.
| counter |
sf.org.rum.numSpansDroppedInvalidByToken | The number of invalid spans Splunk RUM receives for a specific access token. Some of the reasons that spans are invalid are: spans are too large, missing required tags and invalid Trace IDs. Look through the reason column in the data table to see details for specific spans.
| counter |
sf.org.rum.numSpansDroppedThrottle | The number of spans Splunk RUM dropped after you exceeded the allowed ingest volume.
| counter |
sf.org.rum.numSpansDroppedThrottleByToken | The number of spans Splunk RUM dropped after you exceeded the allowed ingest volume for a specific access token.
| counter |
sf.org.rum.numSpanBytesReceived | The bytes of all the spans accepted and counted by the metric numSpansReceived.
| counter |
sf.org.rum.numSpanBytesReceivedByToken | The bytes of all the spans accepted and counted by the metric numSpansReceived by token.
| counter |
sf.org.rum.grossSpanBytesReceivedByToken | The uncompressed bytes of all the spans received and counted by the metric grossSpansReceived for a specific access token before discarding invalid and throttled spans. This is a per token metric.
| counter |
sf.org.rum.numContentBytesReceived | The volume of bytes Splunk RUM receives after discarding invalid and throttled spans.
| counter |
sf.org.rum.grossContentBytesReceivedByToken | The possibly compressed wire size of the payloads before the payloads are decompressed and decoded by token.
| counter |
sf.org.rum.grossContentBytesReceived | The possibly compressed wire size of the payloads before the payloads are decompressed and decoded.
| counter |
sf.org.rum.grossReplayContentBytesReceived | The possibly compressed wire size of the payloads before the payloads are decompressed and decoded, per RUM session replay.
| counter |
sf.org.numHistogramCustomMetrics | The number of custom histogram metrics monitored in Splunk Observability Cloud. For billing purposes, this is the raw number of custom histogram metrics and isn't multiplied.
| counter |
sf.org.numHistogramCustomMetricsByToken | The number of custom histogram metrics monitored in Splunk Observability Cloud for a specific token. For billing purposes, this is the raw number of custom histogram metrics and isn't multiplied.
| counter |
sf.org.numArchivedCustomMetrics | The raw number of archived custom metrics monitored in Splunk Observability Cloud.
| counter |
sf.org.numArchivedCustomMetricsByToken | The raw number of archived custom metrics monitored in Splunk Observability Cloud for a specific token.
| counter |
sf.org.numBillableArchivedCustomMetrics | The number of billable archived custom metrics monitored in Splunk Observability Cloud. This number is adjusted from the raw number in
| counter |
sf.org.numBillableArchivedCustomMetricsByToken | The number of billable archived custom metrics monitored in Splunk Observability Cloud for a specific token. This number is adjusted from the raw number in
| counter |
sf.org.numArchivedDatapointsReceived | The raw number of data points received from archived metrics in Splunk Observability Cloud.
| counter |
sf.org.numBillableDatapoints | The total number of billable data points received in Splunk Observability Cloud.
| counter |
sf.org.numBillableArchivedDatapoints | The number of billable data points from archived metrics in Splunk Observability Cloud. This number is adjusted from the raw number in
| counter |
sf.org.numBillableHistogramDatapoints | The number of billable data points from histogram metrics in Splunk Observability Cloud. This number is adjusted from the raw number in
| counter |
トラブルシューティング 🔗
Splunk Observability Cloudをご利用のお客様で、Splunk Observability Cloud内のデータを確認できない場合は、以下の方法でサポートを受けることができます。
Splunk Observability Cloudをご利用のお客様
Splunk サポートポータル でケースを送信する
Splunkサポート に連絡する
見込み客および無料トライアルユーザー様
Splunk Answers のコミュニティサポートで質問し、回答を得る
Join the Splunk #observability user group Slack channel to communicate with customers, partners, and Splunk employees worldwide. To join, see Chat groups in the Get Started with Splunk Community manual.
