Useful dashboards alerts for administrator

shahzadarif · ‎07-13-2017

I would like to know what reports / dashboards / alerts you've got setup to monitor the state of your Splunk infrastructure?
Right now I've a dashboard which gives me view of licence usage and log files indexed so I know my indexers are working. But there's nothing for let's say SHs. What search would be useful to give me a view of all my SHs are available for searching?
I should add I don't want to view this information in DMC because this dashboard would be run on a raspberry Pi so it must live on SHs.

esix_splunk · ‎07-13-2017

If youre not wanting to use the MC, you can easily take the searches out of the MC, and customize them to what you are looking for. The dash boards in the MC are meant to help understand, and to an extent, manage your distributed Splunk environment. There is plenty in there about SH, but your biggest points to monitor would be CPU, RAM, and search concurrency.

Adapting these prebuilt searches out of the MC would be easiest. Aside from this, you could look at the deprecated SoS App (Splunk on Splunk.) However, most of the searches used in that app were all adapted and put into the MC.

Useful dashboards alerts for administrator

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!