The Splunk Metrics Workspace launched at .conf18 to enable easy investigation, analysis and actioning on Metrics and Accelerated Datasets through an intuitive GUI. We received an overwhelming response from our users as it allows us to quickly analyze time series data without using SPL, and create dashboards, reports and alerts. The latest release (v1.1) provides a bunch of new capabilities and enhancements to do even more sophisticated analysis.
First and foremost, the app now comes pre-installed in the latest Splunk Enterprise 7.3 and will be available as a default app in all future Splunk Enterprise 7.3+ releases.
The new features in this release include:
- New streamlined analysis panel with granular controls and multiple series
- Second y-axis to easily analyze metrics with different scales
- Index Aggregations to distinguish metrics from multiple indexes
- Search for related events for quick metrics and events co-analysis
We’ll refer to the Bike Rental company as an example that we mentioned in the last blog post on the Splunk Metrics Workspace. A quick refresher—we're analyzing rental usage metrics, weather metrics and social media data for a Bike Rental company. Sample data is available here.
New Analysis Panel & Multiple Series Support
It's quite common to visualize related metrics on the same chart to better analyze how they are changing together. For example, we want to see how the number of bikes rented, wind speed and temperature are related. We can probably make an educated guess here that low wind speed and higher temperatures are positively correlated with the number of bikes rented. The latest version allows you to visualize these three metrics on the same chart for correlation. We can add more metrics from the data panel or by cloning a series from the analysis panel. We can also visualize multiple time-shifted series to this chart.
|New Analysis Pane with Multiple Series, dual y-axis and stacking|
Dual Y-Axis Support
Different metrics like these can have different ranges of values, making visualization difficult on a common scale. You can now add a second y-axis with a different scale to make this easier. This can be done for each metric by selecting “Display on right axis” checkbox for a series in the analysis panel. We can also enable stacking for the series on left y-axis through the chart settings section.
|Index automatically added as a dimension|
Events & Metrics Co-Analysis
And finally, as Splunk enables analysis of both events and metrics data, we've further refined the ‘Search for Related Events’ action for multiple series, which pulls up related events in the time range selected. The related events are searched using the host field values associated with the metrics. We’ll enable more co-analysis methods to make it easy to co-analyze events and metrics in Splunk.
|Searching for Related Events for RCA|
If you would like to learn more about what's coming next and request new features, send an email to email@example.com.