Skip to content

Latest commit

 

History

History
590 lines (383 loc) · 17.6 KB

documentation.md

File metadata and controls

590 lines (383 loc) · 17.6 KB
Raw

splunkenterprise

Default Metrics

The following metrics are emitted by default. Each of them can be disabled by applying the following configuration:

metrics:
  <metric_name>:
    enabled: false

splunk.aggregation.queue.ratio

Gauge tracking the average indexer aggregation queue ration (%). Note:* Search is best run against a Cluster Manager.

Unit Metric Type Value Type
{%} Gauge Double

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.buckets.searchable.status

Gauge tracking the number of buckets and their searchable status. Note:* Search is best run against a Cluster Manager.

Unit Metric Type Value Type
{count} Gauge Int

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str
splunk.indexer.searchable The searchability status reported for a specific object Any Str

splunk.indexer.avg.rate

Gauge tracking the average rate of indexed data. Note: Search is best run against a Cluster Manager.

Unit Metric Type Value Type
KBy Gauge Double

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.indexer.cpu.time

Gauge tracking the number of indexing process cpu seconds per instance

Unit Metric Type Value Type
{s} Gauge Double

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.indexer.queue.ratio

Gauge tracking the average indexer index queue ration (%). Note:* Search is best run against a Cluster Manager.

Unit Metric Type Value Type
{%} Gauge Double

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.indexer.raw.write.time

Gauge tracking the number of raw write seconds per instance

Unit Metric Type Value Type
{s} Gauge Double

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.indexes.avg.size

Gauge tracking the indexes and their average size (gb). Note:* Search is best run against a Cluster Manager.

Unit Metric Type Value Type
Gb Gauge Double

Attributes

Name Description Values
splunk.index.name The name of the index reporting a specific KPI Any Str

splunk.indexes.avg.usage

Gauge tracking the indexes and their average usage (%). Note:* Search is best run against a Cluster Manager.

Unit Metric Type Value Type
{%} Gauge Double

Attributes

Name Description Values
splunk.index.name The name of the index reporting a specific KPI Any Str

splunk.indexes.bucket.count

Gauge tracking the indexes and their bucket counts. Note:* Search is best run against a Cluster Manager.

Unit Metric Type Value Type
{count} Gauge Int

Attributes

Name Description Values
splunk.index.name The name of the index reporting a specific KPI Any Str

splunk.indexes.median.data.age

Gauge tracking the indexes and their median data age (days). Note:* Search is best run against a Cluster Manager.

Unit Metric Type Value Type
{days} Gauge Int

Attributes

Name Description Values
splunk.index.name The name of the index reporting a specific KPI Any Str

splunk.indexes.size

Gauge tracking the indexes and their total size (gb). Note:* Search is best run against a Cluster Manager.

Unit Metric Type Value Type
Gb Gauge Double

Attributes

Name Description Values
splunk.index.name The name of the index reporting a specific KPI Any Str

splunk.io.avg.iops

Gauge tracking the average IOPs used per instance

Unit Metric Type Value Type
{iops} Gauge Int

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.license.index.usage

Gauge tracking the indexed license usage per index

Unit Metric Type Value Type
By Gauge Int

Attributes

Name Description Values
splunk.index.name The name of the index reporting a specific KPI Any Str

splunk.parse.queue.ratio

Gauge tracking the average indexer parser queue ration (%). Note:* Search is best run against a Cluster Manager.

Unit Metric Type Value Type
{%} Gauge Double

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.pipeline.set.count

Gauge tracking the number of pipeline sets per indexer. Note: Search is best run against a Cluster Manager.

Unit Metric Type Value Type
KBy Gauge Int

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.scheduler.avg.execution.latency

Gauge tracking the average execution latency of scheduled searches

Unit Metric Type Value Type
{ms} Gauge Double

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.scheduler.avg.run.time

Gauge tracking the average runtime of scheduled searches

Unit Metric Type Value Type
{ms} Gauge Double

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.scheduler.completion.ratio

Gauge tracking the ratio of completed to skipped scheduled searches

Unit Metric Type Value Type
{%} Gauge Double

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.typing.queue.ratio

Gauge tracking the average indexer typing queue ration (%). Note:* Search is best run against a Cluster Manager.

Unit Metric Type Value Type
{%} Gauge Double

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

Optional Metrics

The following metrics are not emitted by default. Each of them can be enabled by applying the following configuration:

metrics:
  <metric_name>:
    enabled: true

splunk.data.indexes.extended.bucket.count

Count of buckets per index

Unit Metric Type Value Type
{buckets} Gauge Int

Attributes

Name Description Values
splunk.index.name The name of the index reporting a specific KPI Any Str

splunk.data.indexes.extended.bucket.event.count

Count of events in this bucket super-directory. Note:* Must be pointed at specific indexer endpoint.

Unit Metric Type Value Type
{events} Gauge Int

Attributes

Name Description Values
splunk.index.name The name of the index reporting a specific KPI Any Str
splunk.bucket.dir The bucket super-directory (home, cold, thawed) for each index Any Str

splunk.data.indexes.extended.bucket.hot.count

(If size > 0) Number of hot buckets. Note:* Must be pointed at specific indexer endpoint.

Unit Metric Type Value Type
{buckets} Gauge Int

Attributes

Name Description Values
splunk.index.name The name of the index reporting a specific KPI Any Str
splunk.bucket.dir The bucket super-directory (home, cold, thawed) for each index Any Str

splunk.data.indexes.extended.bucket.warm.count

(If size > 0) Number of warm buckets. Note:* Must be pointed at specific indexer endpoint and gathers metrics from only that indexer.

Unit Metric Type Value Type
{buckets} Gauge Int

Attributes

Name Description Values
splunk.index.name The name of the index reporting a specific KPI Any Str
splunk.bucket.dir The bucket super-directory (home, cold, thawed) for each index Any Str

splunk.data.indexes.extended.event.count

Count of events for index, excluding frozen events. Approximately equal to the event_count sum of all buckets. Note:* Must be pointed at specific indexer endpoint and gathers metrics from only that indexer.

Unit Metric Type Value Type
{events} Gauge Int

Attributes

Name Description Values
splunk.index.name The name of the index reporting a specific KPI Any Str

splunk.data.indexes.extended.raw.size

Size in bytes on disk of the /rawdata/ directories of all buckets in this index, excluding frozen Note:* Must be pointed at specific indexer endpoint and gathers metrics from only that indexer.

Unit Metric Type Value Type
By Gauge Int

Attributes

Name Description Values
splunk.index.name The name of the index reporting a specific KPI Any Str

splunk.data.indexes.extended.total.size

Size in bytes on disk of this index Note:* Must be pointed at specific indexer endpoint and gathers metrics from only that indexer.

Unit Metric Type Value Type
By Gauge Int

Attributes

Name Description Values
splunk.index.name The name of the index reporting a specific KPI Any Str

splunk.indexer.throughput

Gauge tracking average bytes per second throughput of indexer. Note:* Must be pointed at specific indexer endpoint and gathers metrics from only that indexer.

Unit Metric Type Value Type
By/s Gauge Double

Attributes

Name Description Values
splunk.indexer.status The status message reported for a specific object Any Str

splunk.kvstore.backup.status

Backup and restore status of the KV store.

Unit Metric Type Value Type
{status} Gauge Int

Attributes

Name Description Values
splunk.kvstore.status.value The string value of the status returned when reporting on KV store using the introspection endpoint Any Str

splunk.kvstore.replication.status

Replication status of the KV store.

Unit Metric Type Value Type
{status} Gauge Int

Attributes

Name Description Values
splunk.kvstore.status.value The string value of the status returned when reporting on KV store using the introspection endpoint Any Str

splunk.kvstore.status

This is the overall status of the kvstore for the given deployment.

Unit Metric Type Value Type
{status} Gauge Int

Attributes

Name Description Values
splunk.kvstore.storage.engine The backend storage used by the KV store Any Str
splunk.kvstore.external Value denoting if the KV store is using an external service Any Str
splunk.kvstore.status.value The string value of the status returned when reporting on KV store using the introspection endpoint Any Str

splunk.server.introspection.queues.current

Gauge tracking current length of queue. Note:* Must be pointed at specific indexer endpoint and gathers metrics from only that indexer.

Unit Metric Type Value Type
{queues} Gauge Int

Attributes

Name Description Values
splunk.queue.name The name of the queue reporting a specific KPI Any Str

splunk.server.introspection.queues.current.bytes

Gauge tracking current bytes waiting in queue. Note:* Must be pointed at specific indexer endpoint and gathers metrics from only that indexer.

Unit Metric Type Value Type
By Gauge Int

Attributes

Name Description Values
splunk.queue.name The name of the queue reporting a specific KPI Any Str

splunk.server.searchartifacts.adhoc

Gauge tracking number of ad hoc search artifacts currently on disk. Note:* Must be pointed at specific Search Head endpoint and gathers metrics from only that Search Head. Available in builds 9.1.2312.207+ and 9.3.x+.

Unit Metric Type Value Type
{search_artifacts} Gauge Int

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.server.searchartifacts.completed

Gauge tracking number of artifacts currently on disk that belong to finished searches. Note:* Must be pointed at specific Search Head endpoint and gathers metrics from only that Search Head. Available in builds 9.1.2312.207+ and 9.3.x+.

Unit Metric Type Value Type
{search_artifacts} Gauge Int

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.server.searchartifacts.incomplete

Gauge tracking number of artifacts currently on disk that belong to unfinished/running searches. Note:* Must be pointed at specific Search Head endpoint and gathers metrics from only that Search Head. Available in builds 9.1.2312.207+ and 9.3.x+.

Unit Metric Type Value Type
{search_artifacts} Gauge Int

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.server.searchartifacts.invalid

Gauge tracking number of artifacts currently on disk that are not in a valid state, such as missing info.csv file, etc. Note:* Must be pointed at specific Search Head endpoint and gathers metrics from only that Search Head. Available in builds 9.1.2312.207+ and 9.3.x+.

Unit Metric Type Value Type
{search_artifacts} Gauge Int

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.server.searchartifacts.job.cache.count

Gauge tracking number search artifacts metadata stored in memory, available in builds 9.1.2312.207+ and 9.3.x+.

Unit Metric Type Value Type
{search_artifacts} Gauge Int

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.server.searchartifacts.job.cache.size

Gauge tracking, in megabytes, memory used to cache job status and job info of all search artifacts, available in builds 9.1.2312.207+ and 9.3.x+.

Unit Metric Type Value Type
{mb} Gauge Int

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str
splunk.searchartifacts.cache.type The search artifacts cache type Any Str

splunk.server.searchartifacts.savedsearches

Gauge tracking, for the splunk.server.searchartifacts.scheduled number of scheduled search artifacts, how many different saved-searches they belong to. Note:* Must be pointed at specific Search Head endpoint and gathers metrics from only that Search Head. Available in builds 9.1.2312.207+ and 9.3.x+.

Unit Metric Type Value Type
{search_artifacts} Gauge Int

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str

splunk.server.searchartifacts.scheduled

Gauge tracking number of scheduled search artifacts currently on disk. Note:* Must be pointed at specific Search Head endpoint and gathers metrics from only that Search Head. Available in builds 9.1.2312.207+ and 9.3.x+.

Unit Metric Type Value Type
{search_artifacts} Gauge Int

Attributes

Name Description Values
splunk.host The name of the splunk host Any Str