Useful dashboards alerts for administrator

shahzadarif · ‎07-13-2017

I would like to know what reports / dashboards / alerts you've got setup to monitor the state of your Splunk infrastructure?
Right now I've a dashboard which gives me view of licence usage and log files indexed so I know my indexers are working. But there's nothing for let's say SHs. What search would be useful to give me a view of all my SHs are available for searching?
I should add I don't want to view this information in DMC because this dashboard would be run on a raspberry Pi so it must live on SHs.

esix_splunk · ‎07-13-2017

If youre not wanting to use the MC, you can easily take the searches out of the MC, and customize them to what you are looking for. The dash boards in the MC are meant to help understand, and to an extent, manage your distributed Splunk environment. There is plenty in there about SH, but your biggest points to monitor would be CPU, RAM, and search concurrency.

Adapting these prebuilt searches out of the MC would be easiest. Aside from this, you could look at the deprecated SoS App (Splunk on Splunk.) However, most of the searches used in that app were all adapted and put into the MC.

Useful dashboards alerts for administrator

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases