Navigating Data Chaos with Splunk Metrics Workspace

The Splunk Metrics Workspace launched at .conf18 to enable easy investigation, analysis and actioning on Metrics and Accelerated Datasets through an intuitive GUI. We received an overwhelming response from our users as it allows us to quickly analyze time series data without using SPL, and create dashboards, reports and alerts. The latest release (v1.1) provides a bunch of new capabilities and enhancements to do even more sophisticated analysis.

First and foremost, the app now comes pre-installed in the latest Splunk Enterprise 7.3 and will be available as a default app in all future Splunk Enterprise 7.3+ releases.

The new features in this release include:

  • New streamlined analysis panel with granular controls and multiple series
  • Second y-axis to easily analyze metrics with different scales
  • Index Aggregations to distinguish metrics from multiple indexes
  • Search for related events for quick metrics and events co-analysis

We’ll refer to the Bike Rental company as an example that we mentioned in the last blog post on the Splunk Metrics Workspace. A quick refresher—we're analyzing rental usage metrics, weather metrics and social media data for a Bike Rental company. Sample data is available here.

New Analysis Panel & Multiple Series Support

It's quite common to visualize related metrics on the same chart to better analyze how they are changing together. For example, we want to see how the number of bikes rented, wind speed and temperature are related. We can probably make an educated guess here that low wind speed and higher temperatures are positively correlated with the number of bikes rented. The latest version allows you to visualize these three metrics on the same chart for correlation. We can add more metrics from the data panel or by cloning a series from the analysis panel. We can also visualize multiple time-shifted series to this chart.

New Analysis Pane with Multiple Series, dual y-axis and stacking

Dual Y-Axis Support

Different metrics like these can have different ranges of values, making visualization difficult on a common scale. You can now add a second y-axis with a different scale to make this easier. This can be done for each metric by selecting “Display on right axis” checkbox for a series in the analysis panel. We can also enable stacking for the series on left y-axis through the chart settings section.

Index automatically added as a dimension

Events & Metrics Co-Analysis

And finally, as Splunk enables analysis of both events and metrics data, we've further refined the ‘Search for Related Events’ action for multiple series, which pulls up related events in the time range selected. The related events are searched using the host field values associated with the metrics. We’ll enable more co-analysis methods to make it easy to co-analyze events and metrics in Splunk.

Searching for Related Events for RCA

Download the latest version of Splunk Enterprise 7.3, which comes pre-installed with Splunk Metrics Workspace, or download the app from Splunkbase for Splunk Enterprise and Splunk Cloud (7.1 & 7.2).

If you would like to learn more about what's coming next and request new features, send an email to

Kumar Varun
Posted by

Kumar Varun

Kumar Varun is a Sr. Product Manager at Splunk and focuses on building next-generation analytics tools and experiences. Prior to Splunk, he was Sr. Product Manager, Analytics and AI at Cray Supercomputers where he built a high-performance full-stack data science platform for commercial and scientific computing markets. He is an electrical engineer by training with Bachelors and Masters from IIT, Bombay and an MBA from USC Marshall School of Business. He started his career at Motorola Semiconductors where he worked for 10 years in different engineering and management roles.


Navigating Data Chaos with Splunk Metrics Workspace

Show All Tags
Show Less Tags

Join the Discussion