Analyze Metrics Data In Splunk ( Part -3 )

Analytics Workspace for metrics data in Splunk
In our earlier posts, metrics-1 and metrics-2, we discussed metrics data and how to ingest it into Splunk. This post continues the metrics series and shows how to use Splunk's analytics features on the metrics data collected on the Splunk platform.
Step-1: Log in to your Splunk instance and select the “Search & Reporting” app.

Screenshot (2)
Step-2: Navigate to the “Analytics” page.

Screenshot (3)
Step-3: Select “Metrics” from the drop-down option.

Screenshot (4)
Step-4: As shown below, this lists all the available metrics data coming into Splunk.

Screenshot (5)
Step-5: Working in the Splunk “Analytics Workspace”.
The workspace lists all the available metrics data on the left-hand side, and the options for analysis and visualization on the right-hand side.
We selected Metrics >> cpu >> system.value.
Aggregation: Select from the list of available aggregations for your metrics data (we changed it to max).
Split By: Set the split-by field for this metric series (we selected host).
NOTE: We are ingesting metrics from only one Linux server (server-1), so the effect of the “Split By” option is not visible here.
This generates a chart as shown below.

Screenshot (221)
Time Shift: This lets you display an earlier time range in the chart (we selected 30 minutes ago).
Below is what we got.

Screenshot (222)
Filters: Click on the “+Add New Filter” option to see the list of available filters, then hit the “Add” button to add one. (We can’t add any filters, since we have metrics from only one server.)

Screenshot (229)
Reference Line: Click on the “+ Add New Reference Line” option to see the list of available reference line options. A reference line is a horizontal line on the chart that marks a significant value or threshold.

Screenshot (230)
Add new reference line:
Calculation: Select whether the reference line should be based on a “Constant Value” or on the “Raw Data”.
Value: Select an aggregation whose value you want as a reference line.
Label: Select the label for the above Value.
Include Value: Select this box if you want to see the value along with the reference line.
Click on the “Add” button to add this reference line.

Screenshot (231)
We set up two reference lines, AVG and MAX, both based on Raw Data.

The resulting changes on the chart are shown below.

Screenshot (232)
Chart Settings: Choose a chart type based on how you want to plot the metrics data (we selected Area chart).
NOTE: The Area chart doesn’t support reference lines.

Screenshot (226)
We added one more panel in a similar way, showing the average of the “load.relative” metrics.

Panel layout: You can toggle between the “Stack” and “Grid” layouts. Below is a screenshot showing the Grid layout.

Screenshot (227)
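For readers who prefer the search bar, the selections made in Step-5 can be approximated in SPL. This is an added example, not a search taken from the original post or exported from the workspace: the index name `<your_metrics_index>` is a placeholder, the metric name `cpu.system.value` is assumed from the “Metrics >> cpu >> system.value” selection, and the one-hour window, 1-minute span and field names (`current`, `shifted`, `ref_avg`, `ref_max`) are assumptions.

```spl
| mstats max(_value) AS current
    WHERE index=<your_metrics_index> AND metric_name="cpu.system.value"
    earliest=-60m latest=now span=1m BY host
| append
    [| mstats max(_value) AS shifted
        WHERE index=<your_metrics_index> AND metric_name="cpu.system.value"
        earliest=-90m latest=-30m span=1m BY host
     | eval _time = _time + 1800 ]
| stats max(current) AS current, max(shifted) AS shifted BY _time, host
| eventstats avg(current) AS ref_avg, max(current) AS ref_max BY host
```

The subsearch covers the window 30 minutes earlier and moves it forward by 1800 seconds so that it overlays the current series, as Time Shift does. `ref_avg` and `ref_max` are computed over the 1-minute maximums, so `ref_avg` only approximates a reference line based on raw data.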
That’s it for this post. Thanks for your time.

Happy Splunking!!
