admingit
/
SH-Deployer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4347051769'
${ noResults }
SH-Deployer/apps/SplunkAdmins/default/data/ui/views/smartstore_stats.xml

179 lines
8.9 KiB
Raw Blame History

<form version="1.1">
<label>Dashboard - SmartStore Stats</label>
<description>Also refer to https://github.com/camrunr/s2_traffic_report/blob/master/s2_traffic_report.xml for an alternative view of SmartStore downloads/uploads. To determine which searches are causing cache misses refer to the SearchHeadLevel - SmartStore cache misses reports in this app. Note that the cache misses combined will require the search to complete while the indexing tier version can catch an in-progress search</description>
<fieldset submitButton="false">
<input type="time" token="time">
<label></label>
<default>
<earliest>-60m@m</earliest>
<latest>now</latest>
</default>
</input>
<input type="dropdown" token="action">
<label>Action</label>
<choice value="*">All</choice>
<choice value="download">download</choice>
<choice value="upload">upload</choice>
<default>*</default>
</input>
<input type="text" token="host">
<label>host</label>
<default></default>
</input>
<input type="dropdown" token="host">
<label>host</label>
<choice value="`indexerhosts`">All Indexers</choice>
<default>`indexerhosts`</default>
</input>
</fieldset>
<row>
<panel>
<title>Also refer to</title>
<html><a href="https://github.com/camrunr/s2_traffic_report/blob/master/s2_traffic_report.xml">SmartStore S2S Traffic report</a> for an alternative dashboard view or <a href="/app/SplunkAdmins/report?s=%2FservicesNS%2Fnobody%2FSplunkAdmins%2Fsaved%2Fsearches%2FSearchHeadLevel%2520-%2520SmartStore%2520cache%2520misses%2520-%2520combined">SearchHeadLevel - SmartStore cache misses combined</a> or <a href="/app/SplunkAdmins/report?s=%2FservicesNS%2Fnobody%2FSplunkAdmins%2Fsaved%2Fsearches%2FIndexerLevel%2520-%2520SmartStore%2520cache%2520misses%2520-%2520remote_searches">SmartStore cache misses - remote_searches</a> to find the searches that are triggering the cache misses</html>
</panel>
</row>
<row>
<panel>
<title>Upload/download latency</title>
<chart>
<search>
<query>index=_internal $host$ TERM(status=succeeded) OR TERM(status=failed) sourcetype=splunkd `splunkadmins_splunkd_source` TERM(action=$action$)
| rangemap field=kb under_300=0-307200 300_700=307201-716800 700_1000=716801-1024000 default=over1000
| eval combined = action . "_" . range
| timechart avg(elapsed_ms) AS avg_elapsed_ms, max(elapsed_ms) AS max_elapsed_ms by combined</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">none</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">right</option>
<option name="charting.lineWidth">2</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Upload/download thruput</title>
<chart>
<search>
<query>index=_internal sourcetype=splunkd `splunkadmins_splunkd_source` $host$ TERM(status=succeeded) OR TERM(status=failed) TERM(action=$action$)
| timechart sum(eval(kb/1024)) AS MB by action</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>CacheManager Queued download count</title>
<chart>
<search>
<query>```Relates to [cachemanager] max_concurrent_downloads in server.conf. Thanks to Splunk support for the original version of this search``` index=_internal $host$ `splunkadmins_metrics_source` TERM(group=cachemgr_download) sourcetype=splunkd queued
| timechart partial=f limit=50 avg(queued) AS avg_queued by host
| eval ceiling=20</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>CacheManager hits/misses</title>
<chart>
<search>
<query>
index=_internal $host$ `splunkadmins_metrics_source` sourcetype=splunkd group=cachemgr_bucket TERM(cache_hit=*) OR TERM(cache_miss=*)
| timechart sum(cache_hit) as Hits sum(cache_miss) as Misses
</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Excessive cachemanager downloads</title>
<chart>
<search>
<query>```Thanks to Splunk support for the original version of this search, similar version available in the monitoring console...``` index=_internal $host$ `splunkadmins_splunkd_source` sourcetype=splunkd CacheManager TERM(action=download) TERM(status=succeeded) TERM(download_set=*)
| rex field=cache_id "&gt;*\|(?&lt;index_name&gt;.*)~.*~.*\|"
| eval identifier=(cache_id + host)
| stats count by identifier, index_name
| stats count(eval(count&gt;1)) as duplicate_downloads, sum(count) as all_downloads
count(eval(count&gt;8)) as excessive_duplicate_downloads by index_name
| eval duplicate_percent=if(all_downloads=0,0,round((duplicate_downloads/all_downloads)*100,2))
| fields index_name, duplicate_percent all_downloads duplicate_downloads excessive_duplicate_downloads
| rename custom_index as Index, duplicate_percent as "Repeat Download %", all_downloads as "All Downloads", duplicate_downloads as "Repeated"</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>CacheManager downloads by age/index</title>
<chart>
<search>
<query>```Thanks to Splunk support for the original version of this search``` index=_audit $host$ TERM(action=remote_bucket_download) TERM(info=completed)
| eval gbps=kb/1024/1024
| eval age=round((now()-earliest_time)/60/60/24)
| bucket span=30 age
| rex field=cache_id "^[^\|]+\|(?P&lt;index_name&gt;[^~]+)~[^~]+~[^~]+"
| eval age_index = age. " - ".index_name
|timechart span=60s sum(gbps) by age_index limit=10 useother=f usenull=f</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
</form>
Reference in new issue View Git Blame Copy Permalink