Docs » Splunk Observability Cloudの組織のメトリクスを表示する

Splunk Observability Cloudの組織のメトリクスを表示する 🔗

Splunk Observability Cloudは具体的なメトリクスを提供するため、組織のプラットフォームの使用状況を測定することができます。

組織のメトリクスには以下が含まれます:

  • 取り込みのメトリクス:送信したデータポイントの数など、Infrastructure Monitoringに送信しているデータを測定します。

  • アプリ使用状況のメトリクス:組織内のダッシュボードの数など、アプリケーション機能の使用状況を測定します。

  • インテグレーションのメトリクス:AWS CloudWatch APIへのコール数など、組織と統合されたクラウドサービスの使用状況を測定します。

  • リソースのメトリクス:作成したカスタムメトリック時系列(MTS)の数など、制限を指定できるリソースの使用状況を測定します。

これらのメトリクスの使用について料金は発生しません。また、これらは システムの制限 にカウントされません。

組織のメトリクスへのアクセス 🔗

管理者の場合は、「組織の概要」ページの組み込みチャートでこれらのメトリクスの一部を表示できます。すべてのユーザーは、カスタムチャートでこれらのメトリクスを表示できます。

「組織の概要」ページにアクセスするには、以下の手順に従ってください:

  1. Splunk Observability Cloud にログインします。

  2. 左側のナビで、設定 を選択し、組織の概要 を選択します。

  3. 表示したいメトリクスのタブを選択します:

  • エンゲージメント:ユーザーと、ユーザーが作成したチャート、ディテクター、ダッシュボード、ダッシュボードグループ、チームに関するメトリクス。

  • APMエンタイトルメント:APMのトラブルシューティング用。

  • APMのスロットリング;組織内のスロットリングと制限を追跡するメトリクスを強調表示するチャート。

  • IMエンタイトルメント:IMのトラブルシューティング用。

  • IMシステム制限:組織内のシステム制限の使用状況を追跡するメトリクスを特定するチャート。

  • IMのスロットリング;組織内のスロットリングと制限を追跡するメトリクスを強調表示するチャート。

  • クラウドインテグレーション:クラウドプロバイダーAPIからのテレメトリ収集を制限する可能性のあるエラーとスロットリングを追跡するメトリクスを強調表示するチャート。

組織のメトリクスの解釈と活用 🔗

このセクションでは、使用状況に関するメトリクスの解釈と活用に役立つヒントを提供します。

データ制限、データスロットリング、データフィルタリング 🔗

システム制限を追跡するメトリクス および データのスロットリングを追跡するメトリクス で説明されているように、ご利用のプランのエンタイトルメントまたはシステムの制限を超えた場合、データは、制限またはスロットリングされます。

また、データはプラットフォームからフィルタリングされ、特定の組織メトリクス値 で追跡することができます:

  • データは、SignalFxエクスポーター など、特定のコンポーネントで自動的にフィルタリングすることができます。

  • 無効なデータもプラットフォームに到達するとフィルタリングされます。例えば、メトリクス名や値がないデータポイントは無効であり、除外されます。トレースやスパンIDのないスパンも同様です。

grossnum のメトリクス値の比較 🔗

メトリクスの中には、 gross 値と num 値をレポートするものがあります。メトリクスの grossnum の値を比較して、システムがデータを制限またはフィルタリングしているかどうかを確認します。

  • gross メトリクスは、スロットリングやフィルタリングが作動する前にシステムが受信するデータポイントの総数をレポートします。

  • num メトリクスは、システムがスロットリングまたはフィルタリングを完了した後に受信するデータポイントの総数をレポートします。

システム制限を追跡するメトリクス 🔗

これらのメトリクスは、Infrastructure Monitoringが組織に課す制限を追跡します。これらの制限を超えると、データが除外されることがあります。

  • sf.org.limit.activeTimeSeries (ゲージ):過去25時間の移動窓内で、組織が持つことができるアクティブなMTSの最大数。この制限を超えると、Infrastructure Monitoringは新しいMTSのデータポイントの受け入れを停止しますが、既存のMTSのデータポイントの受け入れは継続します。この制限に対する使用状況を監視するには、sf.org.numActiveTimeSeries のメトリクスを使用します。

  • sf.org.limit.containers (gauge): Maximum number of containers that can send data to your organization. This limit is higher than your contractual limit to allow for burst and overage usage. If you exceed this limit, Infrastructure Monitoring drops data points from new containers but keeps accepting data points for existing containers. To monitor your usage against the limit, use the metric sf.org.numResourcesMonitored and filter for the dimension resourceType:containers.

  • sf.org.limit.computationsPerMinute (ゲージ):1分あたりのSignalFlowの最大計算回数。

  • sf.org.limit.customMetricMaxLimit (ゲージ):過去60分間の移動窓内で、組織にデータを送信できるアクティブなカスタムMTSの最大数。この制限を超えると、Infrastructure Monitoringは、制限を超えたカスタムMTSのデータポイント を除外しますが、すでに存在していたカスタムMTSのデータポイントの受け入れは継続します。sf.org.numCustomMetrics で定義したカスタムメトリクスを参照してください。

    カスタムMTSの詳細は、カスタムメトリクスとバンドルメトリクスについて を参照してください。

  • sf.org.limit.customMetricTimeSeries (ゲージ):アクティブなカスタムMTSの最大数。

  • sf.org.limit.detector (ゲージ):組織に使用できるディテクターの最大数。この上限に達すると、新しいディテクターを作成できなくなります。作成するディテクターの数を監視するには、sf.org.num.detector のメトリクスを使用します。

  • sf.org.limit.eventsPerMinute (ゲージ):1分あたりの受信イベントの最大数。

  • sf.org.limit.hosts (ゲージ):組織にデータを送信できるホストの最大数。この制限は、バーストおよび超過使用を許容するために、契約上の上限よりも高く設定されています。この制限を超えると、Infrastructure Monitoringは新しいホストからのデータポイントを除外しますが、既存のホストのデータポイントの受け入れは継続します。この制限に対する使用状況を監視するには、sf.org.numResourcesMonitored メトリクスと resourceType:hosts ディメンションのフィルターを使用します。

  • sf.org.limit.metricTimeSeriesCreatedPerMinute (ゲージ):組織での新規MTS作成の最大レート。1分あたりのMTSで測定されます。このレートを超えると、Infrastructure Monitoringは新しいMTSのデータポイントの受け入れを停止しますが、既存のMTSのデータポイントの受け入れは継続します。作成したメトリクスの総数を監視するには、sf.org.numMetricTimeSeriesCreated のメトリクスを使用します。

データのスロットリングを追跡するメトリクス 🔗

前のセクションで説明したように、特定のシステム制限は、「上限」、つまりSplunk Observability Cloudで許可される要素の最大数として機能します。ただし、プラットフォームはデータ取り込みのペースも制限しています。レートの制限を超えた場合、Splunk Observability Cloudは、送信されて来るデータをスロットリング(減速)する可能性があります。

名前に limit または limited が含まれる組織のメトリクスは、量の上限に達していることを示しますが、throttled が含まれるメトリクス(たとえば、sf.org.numThrottledMetricTimeSeriesCreateCalls )は、レート/時間の上限に達していることを示し、したがって、1分あたりのデータポイント数を超えて送信することができなくなります。

詳細は、製品別のシステム制限 を参照してください

トークン別の値のメトリクス 🔗

Infrastructure Monitoringが2つの類似したメトリクスを持つ場合があります:

  • 1つのメトリクスは、sf.org.numAddDatapointCalls のように、組織全体の合計を表します。

  • これに類似したメトリクス、sf.org.numAddDatapointCallsByToken は、使用される一意のアクセストークンごとの合計を表します。

測定において、すべてのトークン別メトリクス値の合計が、合計値メトリクスの値より小さくなる場合があります。たとえば、すべての sf.org.numAddDatapointCallsByToken 値の合計が、sf.org.numAddDatapointCalls の値より小さくなる場合があります。この合計に差が生じるのは、Infrastructure Monitoringが、統合されたクラウドサービスからのデータの取得にトークンを使用しないためです。Infrastructure Monitoringは、統合されたサービスのデータポイントのコール数をカウントしますが、特定のトークンのコール数をカウントする方法は持っていません。

AWS CloudWatch、GCP StackDriver、AppDynamicsについて、この値の差が発生します。

各メトリクスタイプに対して値を持つメトリクス 🔗

一部のメトリクスは、メトリクスのタイプ(カウンター、累積カウンター、ゲージ)ごとに値を持つため、メトリクスごとに3つのMTSがあります。各MTSには、COUNTERCUMULATIVE_COUNTER、または GAUGE の値を持つ category というディメンションがあります。これらのメトリクスは複数のMTSを持つ可能性があるため、sum() のSignalFlow関数を使用して合計値を確認する必要があります。

例えば、sf.org.numMetricTimeSeriesCreated について3つのMTSを受け取る可能性があります。カウンターであるMTSの数に対して1つ、累積カウンターであるMTSの数に対して1つ、ゲージであるMTSの数に対して1つです。

また、category を単一の値でフィルタリングして(例: GAUGE )、そのタイプのメトリクスだけを表示することもできます。

停止したディテクターをカウントするメトリクス 🔗

sf.org.numDetectorsAborted のメトリクスは、ディテクターがリソース制限に達したためにInfrastructure Monitoringが停止させたディテクターの数を監視します。大部分は、ディテクターが250K MTSの制限を超えた場合です。この条件はまた、ディテクターID、停止の理由、およびMTSまたはデータポイントの値または制限(ディテクターが停止した原因となったいずれか)の詳細を記録するイベント sf.org.abortedDetectors も生成します。

詳細については、イベントを使用してメトリクスにコンテキストを追加する を参照してください。

クラウド認証エラーのメトリクス 🔗

ロールを編集してクラウドサービスに対するユーザーの権限を削除すると、クラウドサービスプロバイダーからの認証エラーが発生する場合があります。この場合、Splunk Observability Cloudのインテグレーションは正しく動作せず、ご利用のサービスからデータとメタデータを収集できません。

Splunk Observability Cloudには、認証エラーを追跡するための以下のメトリクスがあります:

  • sf.org.num.awsServiceAuthErrorCount

  • sf.org.num.gcpServiceAuthErrorCount

  • sf.org.num.azureServiceAuthErrorCount

これらのエラーが発生した場合は、Splunk Observability Cloudがデータを取得できるようにするため、ロールまたはトークンを修正する必要があります。

ダッシュボード で、これらのエラーを使用して、この問題が発生しているかどうかを検出することができます。

子組織のメトリクス 🔗

親組織に関連する子組織がある場合、子組織のメトリクスもSplunk Observability Cloudに追加されます。これらは、同等の親組織のメトリクスと同じ値を表し、child プレフィックスで識別することができます。

例えば、sf.org.child.numCustomMetrics は、Splunk Observability Cloudがこの子組織について監視しているカスタムメトリクスの数を表します。これは、sf.org.numCustomMetrics が親組織について監視されているカスタムメトリクスの数を表すのと同様です。

組織のメトリクスのリスト 🔗

メトリクスファインダー を使用して、組織のメトリクスを検索します。

Splunk Observability Cloudは、以下の組織メトリクスを提供しています:

NameDescriptionType
sf.org.apm.grossContentBytesReceived

The volume of bytes Splunk APM receives off the wire before discarding invalid and throttled spans. This content could be compressed.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.apm.grossSpanBytesReceived

The number of bytes Splunk APM receives from spans after decompression but before discarding invalid and throttled spans.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.apm.grossSpanBytesReceivedByToken

The number of bytes Splunk APM receives for a specific access token from ingested span data after decompression but before discarding invalid and throttled spans.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.apm.grossSpansReceived

The number of spans Splunk APM received before discarding invalid and throttled spans.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.apm.ingestLatency.duration.ns.min

The minimum duration of the ingest latency in Splunk APM.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
gauge
sf.org.apm.limit.monitoringMetricSets

The ingested Metric Set data limit in Splunk APM.

gauge
sf.org.apm.limit.spanBytes

The ingested span data limit in Splunk APM.

gauge
sf.org.apm.limit.troubleshootingMetricSets

The limit for troubleshooting Metric Sets in Splunk APM.

gauge
sf.org.apm.numAddSpansCalls

The number of calls to the /v2/trace endpoint.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.apm.numAddSpansCallsByToken

The number of calls to the /v2/trace endpoint for a specific access token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.apm.numContainers

The number of containers actively sending data to Splunk APM.

  • Dimension(s): orgId
  • Data resolution: 1 minute
gauge
sf.org.apm.numHosts

The number of hosts that are actively sending data to Splunk APM.

  • Dimension(s): orgId
  • Data resolution: 1 minute
gauge
sf.org.apm.numSpanBytesReceived

The number of bytes Splunk APM accepts from ingested span data after decompression and discarding invalid and throttled spans.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.apm.numSpanBytesReceivedByToken

The number of bytes Splunk APM accepts for a specific access token for a span after decompression and discarding invalid and throttled spans.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.apm.numSpansDroppedBlocked

The number of spans that APM was unable to process or has dropped. A span can be dropped for the following reasons:

  • blockedTraceID: If any ingest endpoint reaches the 100k limit for spans in a given trace, then the trace is added to the list of blocked traces so that all the ingest endpoints block any future spans.

  • tooManySpansInTrace: Trace submitted over 100k spans at the first ingest stage

    sf.org.apm.numSpansDroppedBlocked has the following dimensions and data resolution:

  • Dimension(s): orgId

  • Data resolution: 1 second

counter
sf.org.apm.numSpansDroppedBlockedByToken

The number of spans for a specific token that APM was unable to process or has dropped. A span can be dropped for the following reasons:

  • blockedTraceID: If any ingest endpoint reaches the 100k limit for spans in a given trace, then the trace is added to the list of blocked traces so that all the ingest endpoints block any future spans.

  • tooManySpansInTrace: Trace submitted over 100k spans at the first ingest stage

    sf.org.apm.numSpansDroppedBlocked has the following dimensions and data resolution:

  • Dimension(s): orgId

  • Data resolution: 1 second

counter
sf.org.apm.numSpansDroppedInvalid

The number of invalid spans Splunk APM receives. A span can be invalid for the following reasons:

  • invalidTraceID: Trace ID isn't a 16-byte or 32-byte hex number
  • noOperationName: No operation name was provided
  • spanTooLarge: Span body exceeds 64KiB
  • zeroStartTime: The start timestamp is 0
  • zipkinV2BinaryAnnotations: Unsupported Zipkin feature

sf.org.apm.numSpansDroppedInvalid has the following dimensions and data resolution:

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.apm.numSpansDroppedInvalidByToken

The number of invalid spans Splunk APM receives for a specific access token. A span can be invalid for the following reasons:

  • invalidTraceID: Trace ID isn't a 16-byte or 32-byte hex number
  • noOperationName: No operation name was provided
  • spanTooLarge: Span body exceeds 64KiB
  • zeroStartTime: The start timestamp is 0
  • zipkinV2BinaryAnnotations: Unsupported Zipkin feature

sf.org.apm.numSpansDroppedInvalidByToken has the following dimensions and data resolution:

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.apm.numSpansDroppedOversize

This metric is deprecated. See sf.org.apm.numSpansDroppedInvalid with the spanTooLarge dimension.

The number of spans Splunk APM receives that are too large to process.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.apm.numSpansDroppedOversizeByToken

This metric is deprecated. See sf.org.apm.numSpansDroppedInvalid with the spanTooLarge dimension.

The number of spans Splunk APM receives that are too large to process for a specific access token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.apm.numSpansDroppedThrottle

The number of spans Splunk APM dropped after you exceeded the allowed ingest volume. Splunk APM drops spans it receives after the ingestion volume limit is reached.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.apm.numSpansDroppedThrottleByToken

The number of spans Splunk APM received for a specific access token beyond the allowed ingest volume. Splunk APM drops spans it receives after the ingestion volume limit is reached.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.apm.numSpansReceived

The number of spans Splunk APM accepts after discarding invalid and throttled spans.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.apm.numSpansReceivedByToken

The number of spans Splunk APM received for a specific access token after discarding invalid and throttled spans.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.apm.grossSpansReceivedByToken

The number of spans Splunk APM receives for a specific access token before discarding invalid and throttled spans.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.apm.subscription.containers

The entitlement for the number of containers for your subscription plan.

  • Dimension(s): orgId
  • Data resolution: 2 minutes
gauge
sf.org.apm.subscription.hosts

The entitlement for the number of hosts for your subscription plan.

  • Dimension(s): orgId
  • Data resolution: 2 minutes
gauge
sf.org.apm.subscription.monitoringMetricSets

The entitlement for the number of Monitoring MetricSets as part of your subscription plan.

  • Dimension(s): orgId
  • Data resolution: 2 minutes
gauge
sf.org.apm.subscription.spanBytes

The entitlement for the number of bytes per minutes for your subscription plan.

  • Dimension(s): orgId
  • Data resolution: 2 minutes
gauge
sf.org.apm.subscription.traces

The entitlement for the number of traces analyzed per minute (TAPM) as part of your subscription plan.

  • Dimension(s): orgId
  • Data resolution: 2 minutes
gauge
sf.org.apm.subscription.troubleshootingMetricSets

The entitlement for the number of Troubleshooting MetricSets as part of your subscription plan.

  • Dimension(s): orgId
  • Data resolution: 2 minutes
gauge
sf.org.apm.numTracesReceived

The number of traces Splunk APM receives and processes.

  • Dimension(s): orgId
  • Data resolution: 1 minute
counter
sf.org.apm.numTroubleshootingMetricSets10s

The cardinality of Troubleshooting MetricSets (TMS) for each 10-second window.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
gauge
sf.org.apm.numTroubleshootingMetricSets

The cardinality of Troubleshooting MetricSets (TMS) for each 1-minute time window.

  • Dimension(s): orgId
  • Data resolution: 1 minute
counter
sf.org.apm.numMonitoringMetricSets

The cardinality of histogram Monitoring MetricSets (MMS) for each 10-minute time window.

  • Dimension(s): orgId
  • Data resolution: 10 minutes
counter
sf.org.apm.numContentBytesReceived

The volume of bytes Splunk APM accepts off the wire discarding invalid and throttled spans. This content could be compressed.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.apm.grossContentBytesReceivedByToken

The volume of bytes Splunk APM receives off the wire for a specific access token before discarding invalid and throttled spans. This content could be compressed.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.apm.numContentBytesReceivedByToken

The volume of bytes Splunk APM accepts off the wire for a specific access token after discarding invalid and throttled spans. This content could be compressed.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.abortedDetectors

Contains the detectorID and reason for abort with the value/limit of MTS, or data points, whichever caused the detector to stop

cumulative
sf.org.cloud.grossDpmContentBytesReceived

Number of content bytes received, but not necessarily admitted, for Cloud services

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.datapointsTotalCountByToken

Total datapoints by token

  • Dimension(s): orgId, tokenId
  • Data resolution: 10 seconds
counter
sf.org.datainventory.datapointsAdded

Number of data points retrieved from the AWS integration

  • Dimension(s): type: AWS, service, region, integrationId
  • Data resolution: 10 seconds
count
sf.org.datainventory.latestTimestamp

Timestamp of the last data point retrieved from an integration

  • Dimension(s): type: AWS, service, region, integrationId
  • Data resolution: 10 seconds
gauge
sf.org.datainventory.mtses

Number of Metric Time Series retrieved from an AWS integration. It’s only generated when AWS metrics are polled, and is not available with Metric Streams

  • Dimension(s): type: AWS, service, region, integrationId
  • Data resolution: 10 seconds
gauge
sf.org.datainventory.resources

Number of AWS resources polled by an AWS integration. It's only generated when AWS metrics are polled, and is not available with Metric Streams

  • Dimension(s): type: AWS, service, region, integrationId
  • Data resolution: 10 seconds
gauge
sf.org.grossDatapointsReceived

Number of data points received, but not necessarily admitted.

cumulative
sf.org.grossDatapointsReceivedByToken

Number of data points receuved, but not necessarily admitted, per token.

cumulative
sf.org.grossDpmContentBytesReceived

Number of content bytes received, but not necessarily admitted.

counter
sf.org.limit.activeTimeSeries

Maximum number of active MTS, within a moving window of the past 25 hours, that your organization can have. If you exceed this limit, Infrastructure Monitoring stops accepting data points for new MTS, but continues to accept data points for existing MTS. To monitor your usage against the limit, use the metric sf.org.numActiveTimeSeries.

The number of active MTS is the total number of MTS that have received at least one data point within a moving window of the last 25 hours.

gauge
sf.org.limit.containers

Maximum number of containers that can send data to your organization. This limit is higher than your contractual limit to allow for burst and overage usage. If you exceed this limit, Infrastructure Monitoring drops datapoints from new containers but keeps accepting data points for existing containers. To monitor your usage against the limit, use the metric sf.org.numResourcesMonitored and filter for the dimension resourceType:containers.

gauge
sf.org.limit.customMetricTimeSeries

Maximum number of active custom MTS, within a moving window of the previous 60 minutes, that you're allowed to have in your organization. If you exceed this limit, Infrastructure Monitoring stops accepting data points for new custom MTS, but it continues to accept data points for custom MTS that already existed. To see the number of MTS you're allowed to have, use the metric sf.org.numCustomMetrics. To learn more about custom MTS, see the section About custom, bundled, and high-resolution metrics in the user documentation.

gauge
sf.org.limit.detector

Maximum number of detectors you can use for your organization. After you reach this limit, you can't create more new detectors. To monitor the number of detectors you create, use the metric sf.org.num.detector.

gauge
sf.org.limit.hosts

Maximum number of hosts that can send data to your organization. This limit is higher than your contractual limit to allow for burst and overage usage. If you exceed this limit, Infrastructure Monitoring drops data points from new hosts but keeps accepting data points for existing hosts. To monitor your usage against the limit, use the metric sf.org.numResourcesMonitored and filter for the dimension resourceType:hosts.

gauge
sf.org.limit.metricTimeSeriesCreatedPerMinute

Maximum rate at which you can create new MTS in your organization, measured in MTS per minute. If you exceed this rate, Infrastructure Monitoring stops accepting data points for new MTS, but continues to accept data points for existing MTS. To monitor the number of metrics you've created overall, use the metric sf.org.numMetricTimeSeriesCreated.

gauge
sf.org.log.grossContentBytesReceived

The volume of bytes Splunk Log Observer receives from ingesting logs off the wire before filtering and throttling. This content can be compressed.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.grossContentBytesReceivedByToken

The volume of bytes Splunk Log Observer receives from ingesting logs off the wire for a specific access token after filtering and throttling. This content can be compressed.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.grossMessageBytesReceived

The number of bytes Splunk Log Observer receives from ingested logs after decompression but before filtering and throttling are complete.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.grossMessageBytesReceivedByToken

The number of bytes received by Splunk Log Observer for a specific access token from ingested logs after decompression but before filtering and throttling are complete.

  • Dimension(s): orgId, tokenId
  • Data resolution: 10 seconds
counter
sf.org.log.grossMessagesReceived

The total number of log messages Splunk Log Observer receives before filtering and throttling.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.grossMessagesReceivedByToken

The total number of log messages Splunk Log Observer receives for a specific access token before filtering and throttling.

  • Dimension(s): orgId, tokenId
  • Data resolution: 10 seconds
counter
sf.org.log.numContentBytesReceived

The volume of bytes Splunk Log Observer receives from ingesting logs off the wire after filtering and throttling. This content can be compressed.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.numContentBytesReceivedByToken

The volume of bytes Splunk Log Observer receives from ingesting logs off the wire for a specific access token after filtering and throttling. This content can be compressed.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.numLogsDroppedIndexThrottle

The number of logs Splunk Log Observer drops after the organization's allowed logs index limit threshold is met.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.numMessageBytesReceived

The number of bytes Splunk Log Observer receives from ingested logs after decompression, filtering, and throttling are complete.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.numMessageBytesReceivedByToken

The number of bytes Splunk Log Observer receives for a specific access token from ingested logs after decompression, filtering, and throttling are complete.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.numMessagesDroppedThrottle

The number of log messages Splunk Log Observer drops after the allowed ingest volume is exceeded. Splunk Log Observer drops messages it receives after the ingestion volume is reached.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.numMessagesDroppedOversize

The number of log messages Splunk Log Observer receives that are too large to process.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.numMessagesDroppedOversizeByToken

The number of log messages Splunk Log Observer receives that are too large to process for a specific access token.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.numMessagesDroppedThrottleByToken

The number of log messages Splunk Log Observer drops for a specific access token after the allowed ingest volume is exceeded. Splunk Log Observer drops messages it receives after the ingestion volume is reached.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.numMessagesReceived

The total number of log messages Splunk Log Observer accepts after filtering and throttling.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.numMessagesReceivedByToken

The total number of log messages Splunk Log Observer accepts for a specific access token after filtering and throttling.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.log.numMessageBytesIndexed

Bytes of data stored in the Log Observer index after applying pipeline management rules.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.num.alertmuting

Total number of alert muting rules; includes rules currently in effect and rules not currently in effect (e.g. scheduled muting rules).

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.awsServiceAuthErrorCount

Total number authentication errors thrown by AWS services.

  • Dimension(s): integrationId, orgId, namespace (AWS Cloudwatch namespace),clientInterface (AWS SDK Interface), method (AWS SDK method)
  • Data resolution: 1 second
gauge
sf.org.num.awsServiceCallCount

Total number of calls made to the Amazon API.

  • Dimension(s): orgId, namespace (AWS service, such as AWS/Cloudwatch), method (the API being called, such as getMetricStatistics)
  • Data resolution: 5 seconds
gauge
sf.org.num.awsServiceCallCountExceptions

Number of calls made to the Amazon API that threw exceptions.

  • Dimension(s): orgId, namespace (AWS service, such as AWS/Cloudwatch), method (the API being called, such as getMetricStatistics), location (where the exception occurred, either client or server)
  • Data resolution: 5 seconds
gauge
sf.org.num.awsServiceCallThrottles

Number of calls made to the Amazon API that are being throttled by AWS because you have exceeded your AWS API Call limits.

  • Dimension(s): orgId, namespace (AWS service, such as AWS/Cloudwatch), method (the API being called, such as getMetricStatistics)
  • Data resolution: 5 seconds
gauge
sf.org.num.azureServiceClientCallCount

Total number of calls made to the Azure API.

  • Dimension(s): orgId, integrationId, subscriptionId, api (AzureMonitor or AzureResourceManager), method (only for api=AzureMonitor, the API being called, such as getTimeseries), resource (only for api=AzureResourceMonitor, resource asked for, such as microsoft.compute/virtualmachines)
  • Data resolution: 5 seconds
counter
sf.org.num.azureServiceClientCallCountErrors

Number of calls to Azure API that threw errors.

  • Dimension(s): orgId, integrationId, subscriptionId, api (AzureMonitor or AzureResourceManager), method (only for api=AzureMonitor, the API being called, such as getTimeseries), resource (only for api=AzureResourceMonitor, resource asked for, such as microsoft.compute/virtualmachines)
  • Data resolution: 1 second
counter
sf.org.num.azureServiceClientCallCountThrottles

Number of calls to Azure API that were throttled.

  • Dimension(s): orgId, integrationId, subscriptionId, api (AzureMonitor or AzureResourceManager), method (only for api=AzureMonitor, the API being called, such as getTimeseries), resource (only for api=AzureResourceMonitor, resource asked for, such as microsoft.compute/virtualmachines)
  • Data resolution: 1 second
counter
sf.org.num.chart

Total number of charts; includes any charts created using the Infrastructure Monitoring API but not associated with a dashboard.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.credentials

Total number of integrations that have been configured with credentials in Infrastructure Monitoring, for the purpose of retrieving metrics (example: AWS Cloudwatch) or sending alerts (example: PagerDuty).

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.crosslink

Total number of crosslinks.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.dashboard

Total number of dashboards; includes all user, custom, and built-in dashboards

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.detector

Total number of detectors; includes detectors that are muted.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.numDetectorsAborted

Number of detector jobs stopped because they reached a resource limit (usually MTS limit).

  • Dimension(s): orgId
  • Data resolution: 5 seconds
counter
sf.org.num.detectortemplate

Number of detector templates.

cumulative
sf.org.num.dimension

Number of unique dimensions across all time series.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.eventtimeseries

Number of event time series (ETS) available to be visualized in charts and detectors.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.eventtype

Number of unique event types across all ETS.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.gcpServiceClientCallCount

Number of calls to each GCP API client method.

  • Dimension(s): orgId, project_id, method (the API being called, such as getTimeSeries)
  • Data resolution: 1 second
counter
sf.org.num.gcpServiceClientCallCountErrors

Number of calls to each GCP API client method that threw errors.

  • Dimension(s): orgId, project_id, method (the API being called, such as getTimeSeries)
  • Data resolution: 1 second
counter
sf.org.num.gcpServiceClientCallCountThrottles

Number of calls to each GCP API client method that were throttled.

  • Dimension(s): orgId, project_id, method (the API being called, such as getTimeSeries)
  • Data resolution: 1 second
counter
sf.org.num.metric

Number of unique metrics across all MTS.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.metrictimeseries

Number of metric time series (MTS) available to be visualized in charts and detectors.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.migrationmarker

Number of migration markers.

gauge
sf.org.num.mutingactive

Number of active muting rules

gauge
sf.org.num.namedtoken

Number of organization access tokens, including disabled tokens.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.navigator

Number of options available in the sidebar in the Infrastructure Navigator.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.notifications

Number of notifications.

cumulative
sf.org.num.orgpreference

Number of org preferences.

null
sf.org.num.orguser

Total number of members and admins associated with an organization; includes invited users who have not yet logged in.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.page

Total number of dashboard groups; includes user, custom, and built-in dashboard groups.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.property

Number of properties; includes only properties you have created, not dimensions. For the latter, use sf.org.num.dimension.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.role

Number of roles in your system.

  • Dimension(s): orgId
  • Data resolution: 63 minutes
gauge
sf.org.num.service

Number of services.

null
sf.org.num.shareablesnapshot

Number of shareable snapshots.

null
sf.org.num.source

Number of sources.

null
sf.org.num.tag

Number of tags available for use.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.team

Number of teams in the organization.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.num.teammember

Number of users that are members of teams; can be greater than the total number of users. For example, if team A has 30 members and team B has 20 members, the value is 50 even if there are only 30 members in the org.

  • Dimension(s): orgId
  • Data resolution: 15 minutes
gauge
sf.org.numActiveTimeSeries

Total number of metric time series (MTS) currently active in the organization.

The number of active MTS is the total number of MTS that have received at least one data point within a moving window of the last 25 hours.

(Use sf.org.numInactiveTimeSeries to see how many MTS are not active.)

  • Dimension(s): orgId
  • Data resolution: 1 second
gauge
sf.org.numAddDatapointCalls

Number of calls to send data points to Infrastructure Monitoring.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.numAddDatapointCallsByToken

One value per token; number of calls to send data points to Infrastructure Monitoring. The sum of all the values might be less than the value of sf.org.numAddDatapointCalls. To learn more, see Metrics for values by token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.numAddEventsCalls

Number of calls to send custom events to Infrastructure Monitoring.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.numAddEventsCallsByToken

One value per token; number of calls to send custom events to Infrastructure Monitoring. The sum of all the values might be less than the value of sf.org.numAddEventsCalls. To learn more, see Metrics for values by token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.numApmApiCalls

Number of calls made to APM’s public APIs.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.numApmBundledMetrics

Number of APM Bundled Metrics for your org.

  • Dimension(s): orgId
  • Data resolution: 10 minutes
gauge
sf.org.numApmBundledMetricsByToken

Number of APM Bundled Metrics for your org for a specific token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 10 minutes
gauge
sf.org.numBackfillCalls

One value per metric type, each representing the number of times a backfill API call was used to send metrics to Infrastructure Monitoring. You can have up to three MTS for this metric; each MTS is sent with a dimension named category with a value of "counter", "cumulative_counter", or "gauge". To learn more, see Metrics with values for each metric type.

  • Dimension(s): category, orgId
  • Data resolution: 1 second
counter
sf.org.numBackfillCallsByToken

One value per metric type per token, each representing the number of times a backfill API call was used to send metrics to Infrastructure Monitoring. You can have up to three MTS associated with each token; each MTS is sent with a dimension named category with a value of "counter","cumulative_counter", or "gauge". To learn more, see Metrics with values for each metric type. The sum of all the values might be less than the value of sf.org.numBackfillCalls. To learn more, see Metrics for values by token.

  • Dimension(s): category, orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.numBadDimensionMetricTimeSeriesCreateCalls

Number of calls to create MTS that have failed due to an error with dimensions.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.numBadDimensionMetricTimeSeriesCreateCallsByToken

Number of calls to create MTS that have failed due to an error with dimensions, per token.

  • Dimension(s): orgId
  • Data resolution: 35 seconds
counter
sf.org.numBadMetricMetricTimeSeriesCreateCalls

Number of calls to create MTS that have failed due to an error with metrics.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.numBadMetricMetricTimeSeriesCreateCallsByToken

Number of calls to create MTS that have failed due to an error with metrics, per token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 35 seconds
counter
sf.org.numCustomMetrics

Number of custom metrics monitored by Infrastructure Monitoring. For billing purposes, 10 archived metrics are converted to 1 real-time metric, and 1 histogram metric is converted to 8 real-time metrics.

  • Dimension(s): orgId
  • Data resolution: 10 minutes
counter
sf.org.numComputationsStarted

Number of SignalFlow computations, which mostly consist of chart views and detectors, started. Use this metric to know the rate at which you're starting new SignalFlow jobs.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.numComputationsStartedByToken

One value per token. Number of SignalFlow computations, which mostly consist of chart views and detectors, started. Use this metric to know the rate at which you're starting new SignalFlow jobs.

  • Dimension(s): orgId, tokenId
  • Data resolution: 10 seconds
counter
sf.org.numComputationsThrottled

The number of SignalFlow computations, which mostly consist of chart views and detectors, throttled because you reach the maximum number of SignalFlow jobs you can run for your organization. To learn more about this limit, see Maximum number of SignalFlow jobs per organization.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.numComputationsThrottledByToken

One value per token. The number of computations, which mostly consist of chart views and detectors, throttled because you reach the maximum number of SignalFlow jobs you can run for your organization. To learn more about this limit, see Maximum number of SignalFlow jobs per organization.

  • Dimension(s): orgId, tokenId
  • Data resolution: 10 seconds
counter
sf.org.numCustomMetricsByToken

One value per token; number of custom metrics monitored by Splunk Observability Cloud. For billing purposes, 10 archived metrics are converted to 1 real-time metric, and 1 histogram metric is converted to 8 real-time metrics.

The sum of all the values might be less than the value of sf.org.numCustomMetrics. To learn more, see Metrics for values by token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 10 minutes
counter
sf.org.numDatapointsBackfilled

One value per metric type, each representing the number of data points that were sent using a backfill API. You can have up to three MTS for this metric; each MTS is sent with a dimension named category with a value of "counter", "cumulative_counter", or "gauge". To learn more, see Metrics with values for each metric type.

  • Dimension(s): category, orgId
  • Data resolution: 1 second
counter
sf.org.numDatapointsBackfilledByToken

One value per metric type per token, each representing the number of data points that were sent using a backfill API. You can have up to three MTS for this metric; each MTS is sent with a dimension named category with a value of "counter", "cumulative_counter", or "gauge". To learn more, see Metrics with values for each metric type. The sum of all the values might be less than the value of sf.org.numDatapointsBackfilled. To learn more, see Metrics for values by token.

  • Dimension(s): category, orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.numDatapointsDroppedBatchSize

Number of data points dropped because a single request contained more than 100,000 data points. In this scenario, Observability Cloud drops data points because it perceives sending more than 100,000 data points in a single request as excessive.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.numDatapointsDroppedBatchSizeByToken

Number of data points dropped because a single request contained more than 100,000 data points, per token. In this scenario, Observability Cloud drops data points because it perceives sending more than 100,000 data points in a single request as excessive.

  • Dimension(s): orgId, tokenId
  • Data resolution: 40 seconds
counter
sf.org.numDatapointsDroppedExceededQuota

Total number of new data points you sent to Infrastructure Monitoring but that Infrastructure Monitoring didn't accept, because your organization exceeded its subscription limit. To learn more, see Exceeding your system limits.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.numDatapointsDroppedExceededQuotaByToken

One value per token; number of new data points you sent to Infrastructure Monitoring but that Infrastructure Monitoring didn't accept, because your organization exceeded its subscription limit. To learn more, see Exceeding your system limits.

The sum of all the values might be less than the value of sf.org.numDatapointsDroppedExceededQuota. To learn more, see Metrics for values by token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.numDatapointsDroppedInvalid

Number of data points dropped because they didn't follow documented guidelines for data points. For example, the metric name was too long, the metric name included unsupported characters, or the data point contained no values.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.numDatapointsDroppedInvalidByToken

Number of data points for a specific access token that are dropped because they didn't follow documented guidelines for data points. For example, the metric name was too long, the metric name included unsupported characters, or the data point contained no values.

  • Dimension(s): orgId, tokenId
  • Data resolution: 10 seconds
counter
sf.org.numDatapointsDroppedInTimeout

Number of data points Observability Cloud didn't attempt to create because your account was throttled or limited in the previous few seconds and creation was very unlikely to succeed.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
counter
sf.org.numDatapointsDroppedInTimeoutByToken

Per token, number of data points Observability Cloud didn't attempt to create because your account was throttled or limited in the previous few seconds and creation was very unlikely to succeed.

null
sf.org.numDatapointsDroppedThrottle

Total number of data points you sent to Infrastructure Monitoring that Infrastructure Monitoring didn't accept because your organization significantly exceeded its DPM limit. For help with this issue, reach out to support at observability-support@splunk.com. Unlike sf.org.numDatapointsDroppedExceededQuota, this metric represents data points for both existing and new MTS. If Infrastructure Monitoring is throttling your organization, it isn't keeping any of your data.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.numDatapointsDroppedThrottleByToken

One value per token; number of data points you sent to Infrastructure Monitoring but that Infrastructure Monitoring didn't accept because your organization significantly exceeded its DPM limit. For help with this issue, reach out to support at observability-support@splunk.com. Unlike sf.org.numDatapointsDroppedExceededQuota, this metric represents data points for both existing and new MTS. If Infrastructure Monitoring is throttling your organization, it isn't keeping any of your data. The sum of all the values might be less than the value of sf.org.numDatapointsDroppedThrottle. To learn more, see Metrics for values by token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.numDatapointsReceivedByMetricType

One value per metric type, each representing the number of data points that Infrastructure Monitoring received and processed. You can have up to four MTS for this metric, one for each metric type: gauge, counter, cumulative counter, and histogram. To learn more, see Metrics with values for each metric type. The sum of the values represents the total number of data points you sent to Infrastructure Monitoring minus any data points that weren't accepted because you exceeded a limit.

undefined
sf.org.numDimensionObjectsCreated

Total number of dimensions created.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
gauge
sf.org.numDimensionObjectsCreatedByToken

Total number of dimensions created by token.

* Dimension(s):  `orgId`, `tokenId`
* Data resolution: 40 seconds
gauge
sf.org.numEventSearches

Number of event searches.

* Dimension(s):  `orgId`
* Data resolution: 10 seconds
counter
sf.org.numEventSearchesThrottled

Number of event searches that were throttled.

* Dimension(s):  `orgId`
* Data resolution: 10 seconds
counter
sf.org.numEventTimeSeriesCreated

Total number of event time series (ETS) created. For MTS values, see sf.org.numMetricTimeSeriesCreated.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.numEventTimeSeriesCreatedByToken

One value per token; number of event time series (ETS) created. For MTS values, see sf.org.numMetricTimeSeriesCreatedByToken. The sum of all the values might be less than the value of sf.org.numEventTimeSeriesCreated. To learn more, see Metrics for values by token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.numEventsDroppedThrottle

Number of custom events you sent to Infrastructure Monitoring but that Infrastructure Monitoring didn't accept, because your organization exceeded its per-minute limit.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.numEventsDroppedThrottleByToken

For each token, this is the number of custom events you sent to Infrastructure Monitoring but that Infrastructure Monitoring didn't accept, because your organization significantly exceeded its per-minute limit. The sum of all the values might be less than the value of sf.org.numEventsDroppedThrottle. To learn more, see Metrics for values by token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.numEventsReceived

Number of events received.

null
sf.org.numEventsReceivedByToken

Number of events received, per token.

null
sf.org.numHighResolutionMetrics

Number of high resolution metrics monitored by Infrastructure Monitoring

  • Dimension(s): orgId
  • Data resolution: 10 minutes
counter
sf.org.numHighResolutionMetricsByToken

For each token, this is the number of high resolution metrics monitored by Infrastructure Monitoring. The sum of all the values might be less than the value of sf.org.numHighResolutionMetrics. To learn more, see Metrics for values by token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 10 minutes
counter
sf.org.numHostMetaDataEventsDroppedThrottle

Number of host metadata events dropped because of throttling.

* Dimension(s):  `orgId`
* Data resolution: 40 seconds
counter
sf.org.numHostMetaDataEventsDroppedThrottleByToken

Number of host metadata events dropped because of throttling, per token.

* Dimension(s):  `orgId, tokenId`
* Data resolution: 40 seconds
counter
sf.org.numInactiveTimeSeries

Total number of previously active metric time series (MTS) that are no longer active. The total number of inactive MTS is the total number of metric time series (MTS) that haven't received any data points in the last 25 hours. You can still find these MTS in Observability Cloud until they expire. The standard retention period is 13 months.

Use sf.org.numActiveTimeSeries to see how many MTS are active.

  • Dimension(s): orgId
  • Data resolution: 1 second
gauge
sf.org.numInvalidEventsDropped

Number of events dropped due to being invalid.

  • Dimension(s): orgId
  • Data resolution: 10 seconds
gauge
sf.org.numLimitedEventTimeSeriesCreateCalls

Number of event time series (ETS) that Infrastructure Monitoring was unable to create because you exceeded the maximum number of ETS allowed.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.numLimitedEventTimeSeriesCreateCallsByToken

One value per token, each representing the number of event time series (ETS) Infrastructure Monitoring was unable to create because you exceeded the maximum number of ETS allowed. The sum of all the values might be less than the value of sf.org.numLimitedEventTimeSeriesCreateCalls. To learn more, Metrics for values by token.

  • Dimension(s): category, orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.numLimitedMetricTimeSeriesCreateCalls

Number of metric time series (MTS) not created because your account reached a category limit (or subscription limit).

  • Dimension(s): category, orgId
  • Data resolution: 10 seconds
counter
sf.org.numLimitedMetricTimeSeriesCreateCallsByCategoryType

One value per metric type, each representing the number of metric time series (MTS) not sent to Infrastructure Monitoring because you've reached your maximum limit for active MTS, hosts, containers, custom metrics, bundled metrics, functions, high-resolution metrics, Application Performance Monitoring (APM) metrics, or APM bundled metrics. You can have up to three MTS for this metric; each MTS is sent with a dimension named category with a value of "counter", "cumulative_counter", or "gauge". To learn more, see Metrics with values for each metric type.

  • Dimension(s): categoryType, orgId
  • Data resolution: 10 seconds
counter
sf.org.numLimitedMetricTimeSeriesCreateCallsByCategoryTypeByToken

One value per metric type per token, each representing the number of metric time series (MTS) not sent to Infrastructure Monitoring because you've reached your maximum limit for active MTS, hosts, containers, custom metrics, bundled metrics, functions, high-resolution metrics, Application Performance Monitoring (APM) metrics, or APM bundled metrics. You can have up to three MTS for this metric; each MTS is sent with a dimension named category with a value of "counter", "cumulative_counter", or "gauge". To learn more, see Metrics for values by token.

  • Dimension(s): categoryType, orgId, tokenId
  • Data resolution: 10 seconds
counter
sf.org.numLimitedMetricTimeSeriesCreateCallsByToken

One value per metric type per token, each representing the number of metric time series (MTS) not sent to Infrastructure Monitoring because you've reached your maximum limit for active MTS, hosts, containers, custom metrics, bundled metrics, functions, high-resolution metrics, Application Performance Monitoring (APM) metrics, or APM bundled metrics.

The number of active MTS is the total number of MTS that have received at least one data point within a moving window of the last 25 hours.

You can have up to three MTS for this metric; each MTS is sent with a dimension named category with a value of "counter", "cumulative_counter", or "gauge". To learn more, see Metrics with values for each metric type. The sum of all the values might be less than the value of sf.org.numLimitedMetricTimeSeriesCreateCalls. To learn more, see Metrics for values by token.

  • Dimension(s): category,orgId,tokenId`
  • Data resolution: 1 second
counter
sf.org.numLogsReceivedByToken

Number of logs received by token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 10 seconds
counter
sf.org.numMappingsAdded

Number of mappings added.

null
sf.org.numMappingsAddedByToken

Per token, number of mappings added.

null
sf.org.numMetadataWrites

Number of metadata writes.

null
sf.org.numMetadataWritesByToken

Per token, number of metadata writes.

null
sf.org.numMetadataWritesThrottled

Number of metadata writes throttled.

null
sf.org.numMetadataWritesThrottledByToken

Number of metadata writes throttled per token.

null
sf.org.numMetricTimeSeriesCreated

One value per metric type, each representing the number of metric time series (MTS) created that have that type. You can have up to three MTS for this metric; each MTS is sent with a dimension named category with a value of "counter", "cumulative_counter", or "gauge". To learn more, see Metrics with values for each metric type.

  • Dimension(s): category, orgId
  • Data resolution: 5 seconds
counter
sf.org.numMetricTimeSeriesCreatedByToken

One value per metric type per token, each representing the number of metric time series (MTS) created that have that type. You can have up to three MTS for this metric; each MTS is sent with a dimension named category with a value of "counter", "cumulative_counter", or "gauge". To learn more, see Metrics with values for each metric type. The sum of all the values might be less than the value of sf.org.numMetricTimeSeriesCreated. To learn more, see Metrics for values by token.

  • Dimension(s): category, orgId, tokenId
  • Data resolution: 5 seconds
counter
sf.org.numMetricObjectsCreatedByToken

Number of metric objects created by token.

* Dimension(s):  `tokenId`, `orgId`
* Data resolution: 40 seconds
gauge
sf.org.numNewDimensions

The number of new dimensions (key:value pairs) created.

  • Data resolution: 5 minutes
counter
sf.org.numNewDimensionsByName

The number of new dimensions created for each unique dimension name (key from key:value pair). Only the top 100 dimension names (by number of dimensions created) are included, in addition to dimension name sf_metric, which is always included.

  • Data resolution: 5 minutes
counter
sf.org.numProcessDataEventsDroppedThrottleByToken

Per token, number of data ingest process events dropped due to throttling, because you exceeded your system limits.

  • Dimension(s): orgId, tokenId
  • Data resolution: 40 seconds
counter
sf.org.numPropertyLimitedMetricTimeSeriesCreateCalls

Number of metric time series (MTS) Infrastructure Monitoring was unable to create because you reached your maximum number of unique dimension names.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.numPropertyLimitedMetricTimeSeriesCreateCallsByToken

One value per token; number of metric time series (MTS) Infrastructure Monitoring was unable to create because you reached your maximum number of unique dimension names. The sum of all the values might be less than the value of sf.org.numPropertyLimitedMetricTimeSeriesCreateCalls. To learn more, see Metrics for values by token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.numResourceMetrics

Number of resource metric time series (MTS) received from host and container categories.

The resourceType dimension indicates whether the value represents hosts or containers.

  • Dimension(s): orgId, resourceType
  • Data resolution: 10 minutes
gauge
sf.org.numResourceMetricsbyToken

Number of resource metric time series (MTS) received from host and container categories, per token.

The resourceType dimension indicates whether the value represents hosts or containers.

  • Dimension(s): orgId, resourceType, tokenId
  • Data resolution: 10 minutes
gauge
sf.org.numResourcesMonitored

Number of hosts or containers that Infrastructure Monitoring is currently monitoring. The resourceType dimension indicates whether the value represents hosts or containers.

  • Dimension(s): orgId, resourceType
  • Data resolution: 10 minutes
counter
sf.org.numResourcesMonitoredByToken

One value per token; number of hosts or containers that Infrastructure Monitoring is monitoring. This metric isn't created until a host or container starts sending a host or container metric. The resourceType dimension indicates whether the value represents hosts or containers. The sum of all the values might be less than the value of sf.org.numResourcesMonitored. To learn more, see Metrics for values by token.

  • Dimension(s): orgId, resourceType, tokenId
  • Data resolution: 10 minutes
counter
sf.org.numRestCalls

Number of REST calls made to the Infrastructure Monitoring API.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.numRestCallsThrottled

Number of REST calls you made to the Infrastructure Monitoring API that were not accepted by Infrastructure Monitoring, because your organization significantly exceeded its per-minute limit.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.numRestCallsThrottledByToken

For each token, the number of REST calls you made to the Infrastructure Monitoring API that were not accepted by Infrastructure Monitoring because your organization significantly exceeded its per-minute limit. The sum of all the values might be less than the value of sf.org.numRestCallsThrottled. To learn more, see Metrics for values by token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.numThrottledEventTimeSeriesCreateCalls

Total number of event time series (ETS) that Infrastructure Monitoring was unable to create, because you significantly exceeded your per-minute event creation limit.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.numThrottledEventTimeSeriesCreateCallsByToken

For each token, the number of event time series (ETS) that Infrastructure Monitoring was unable to create because you significantly exceeded your per-minute event creation limit. The sum of all the values might be less than the value of sf.org.numThrottledEventTimeSeriesCreateCalls. To learn more, see Metrics for values by token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.numThrottledMetricTimeSeriesCreateCalls

Number of metric time series (MTS) that Infrastructure Monitoring was unable to create because you significantly exceeded your per-minute or per-hour MTS creation limit.

  • Dimension(s): orgId
  • Data resolution: 1 second
counter
sf.org.numThrottledMetricTimeSeriesCreateCallsByToken

For each token, the number of metric time series (MTS) Infrastructure Monitoring was unable to create because your organization significantly exceeded its per-minute or per-hour MTS creation limit. The sum of all the values might be less than the value of sf.org.numThrottledMetricTimeSeriesCreateCalls. To learn more, see [Metrics for values by token](#metrics for values by token).

  • Dimension(s): orgId, tokenId
  • Data resolution: 1 second
counter
sf.org.numUniqueNamesInNewDimensions

The number of unique dimension names (keys) created in all new dimensions

  • Data resolution: 5 minutes
counter
sf.org.subscription.activeTimeSeries

Maximum number of active metric time series (MTS).

The number of active MTS is the total number of MTS that have received at least one data point within a moving window of the last 25 hours.

  • Data resolution: 15 minutes
gauge
sf.org.subscription.datapointsPerMinute

Maximum number of data points per minute (DPM) that Infrastructure Monitoring will process and store.

  • Data resolution: 15 minutes
gauge
sf.org.subscription.containers

Number of containers included in the subscription.

  • Data resolution: 10 seconds
gauge
sf.org.subscription.customMetrics

Number of custom metric time series (MTS) included in the subscription.

  • Data resolution: 10 seconds
gauge
sf.org.subscription.highResolutionMetrics

Number of high resolution metric time series (MTS) included in the subscription.

  • Data resolution: 10 seconds
gauge
sf.org.subscription.hosts

Number of hosts included in the subscription.

  • Data resolution: 10 seconds
gauge
sf.org.subscription.function

Number of serverless functions included in the subscription.

  • Data resolution: 10 seconds
gauge
sf.org.ui.num.pagevisits

Number of UI page visits.

null
sf.org.rum.numSpansReceived

Number of spans received.

  • Dimension: orgId
  • Data resolution: 10 seconds
counter
sf.org.rum.numSpansReceivedByToken

The number of spans Splunk RUM received for a specific access token after discarding invalid and throttled spans.

  • Dimension: orgId, tokenId
  • Data resolution: 10 seconds
counter
sf.org.rum.numAddSpansCalls

The number of calls to the /v1/rum?auth={AUTH_TOKEN} endpoint.

  • Dimension: orgId
  • Data resolution: 10 seconds
counter
sf.org.rum.numAddSpansCallsByToken

The number of calls to the /v1/rum?auth={AUTH_TOKEN} endpoint for a specific access token.

  • Dimension: orgId, tokenId
  • Data resolution: 10 seconds
counter
sf.org.rum.numSpansDroppedInvalid

Number of spans dropped because they were invalid. Some of the reasons that spans are invalid are: spans are too large, missing required tags and invalid Trace IDs. Look through the reason column in the data table to see details for specific spans.

  • Dimension: orgId, reason
  • Data resolution: 10 seconds
counter
sf.org.rum.numSpansDroppedInvalidByToken

The number of invalid spans Splunk RUM receives for a specific access token. Some of the reasons that spans are invalid are: spans are too large, missing required tags and invalid Trace IDs. Look through the reason column in the data table to see details for specific spans.

  • Dimensions: orgId, tokenId, reason
  • Data resolution: 10 seconds
counter
sf.org.rum.numSpansDroppedThrottle

The number of spans Splunk RUM dropped after you exceeded the allowed ingest volume.

  • Dimension: orgId
  • Data resolution: 10 seconds
counter
sf.org.rum.numSpansDroppedThrottleByToken

The number of spans Splunk RUM dropped after you exceeded the allowed ingest volume for a specific access token.

  • Dimension: orgId, tokenId
  • Data resolution: 10 seconds
counter
sf.org.rum.numSpanBytesReceived

The bytes of all the spans accepted and counted by the metric numSpansReceived.

  • Dimensions: orgId
  • Data resolution: 10 seconds
counter
sf.org.rum.numSpanBytesReceivedByToken

The bytes of all the spans accepted and counted by the metric numSpansReceived by token.

  • Dimensions: orgId, tokenId
  • Data resolution: 10 seconds
counter
sf.org.rum.grossSpanBytesReceivedByToken

The uncompressed bytes of all the spans received and counted by the metric grossSpansReceived for a specific access token before discarding invalid and throttled spans. This is a per token metric.

  • Dimensions: orgId, tokenId
  • Data resolution: 10 seconds
counter
sf.org.rum.numContentBytesReceived

The volume of bytes Splunk RUM receives after discarding invalid and throttled spans.

  • Dimensions: orgId
  • Data resolution: 10 seconds
counter
sf.org.rum.grossContentBytesReceivedByToken

The possibly compressed wire size of the payloads before the payloads are decompressed and decoded by token.

  • Dimensions: orgId, tokenId
  • Data resolution: 10 seconds
counter
sf.org.rum.grossContentBytesReceived

The possibly compressed wire size of the payloads before the payloads are decompressed and decoded.

  • Dimensions: orgId
  • Data resolution: 10 seconds
counter
sf.org.rum.grossReplayContentBytesReceived

The possibly compressed wire size of the payloads before the payloads are decompressed and decoded, per RUM session replay.

  • Dimensions: orgId
  • Data resolution: 10 seconds
counter
sf.org.numHistogramCustomMetrics

The number of custom histogram metrics monitored in Splunk Observability Cloud. For billing purposes, this is the raw number of custom histogram metrics and isn't multiplied.

  • Dimension(s): orgId
  • Data resolution: 10 minutes
counter
sf.org.numHistogramCustomMetricsByToken

The number of custom histogram metrics monitored in Splunk Observability Cloud for a specific token. For billing purposes, this is the raw number of custom histogram metrics and isn't multiplied.

  • Dimension(s): orgId, tokenId
  • Data resolution: 10 minutes.
counter
sf.org.numArchivedCustomMetrics

The raw number of archived custom metrics monitored in Splunk Observability Cloud.

  • Dimension(s): orgId
  • Data resolution: 10 minutes.
counter
sf.org.numArchivedCustomMetricsByToken

The raw number of archived custom metrics monitored in Splunk Observability Cloud for a specific token.

  • Dimension(s): orgId, tokenId
  • Data resolution: 10 minutes
counter
sf.org.numBillableArchivedCustomMetrics

The number of billable archived custom metrics monitored in Splunk Observability Cloud. This number is adjusted from the raw number in sf.org.numArchivedCustomMetrics.

  • Dimension(s): orgId
  • Data resolution: 10 minutes
counter
sf.org.numBillableArchivedCustomMetricsByToken

The number of billable archived custom metrics monitored in Splunk Observability Cloud for a specific token. This number is adjusted from the raw number in sf.org.numArchivedCustomMetricsByToken.

  • Dimension(s): orgId, tokenId
  • Data resolution: 10 minutes
counter
sf.org.numArchivedDatapointsReceived

The raw number of data points received from archived metrics in Splunk Observability Cloud.

  • Dimension(s): orgId
  • Data resolution: 10 minutes
counter
sf.org.numBillableDatapoints

The total number of billable data points received in Splunk Observability Cloud.

  • Dimension(s): orgId
  • Data resolution: 10 minutes
counter
sf.org.numBillableArchivedDatapoints

The number of billable data points from archived metrics in Splunk Observability Cloud. This number is adjusted from the raw number in sf.org.numArchivedCustomMetrics.

  • Dimension(s): orgId
  • Data resolution: 10 minutes
counter
sf.org.numBillableHistogramDatapoints

The number of billable data points from histogram metrics in Splunk Observability Cloud. This number is adjusted from the raw number in sf.org.numArchivedCustomMetricsByToken.

  • Dimension(s): orgId
  • Data resolution: 10 minutes
counter

トラブルシューティング 🔗

Splunk Observability Cloudをご利用のお客様で、Splunk Observability Cloud内のデータを確認できない場合は、以下の方法でサポートを受けることができます。

Splunk Observability Cloudをご利用のお客様

見込み客および無料トライアルユーザー様

  • Splunk Answers のコミュニティサポートで質問し、回答を得る

  • Join the Splunk #observability user group Slack channel to communicate with customers, partners, and Splunk employees worldwide. To join, see Chat groups in the Get Started with Splunk Community manual.

このページは 2025年02月11日 に最終更新されました。