Splunk Metrics Workspace, released at .conf18, provides a visual, easy-to-use and intuitive interface for quickly discovering, analyzing and acting on time series data—Metrics and Accelerated Datasets.
In this blog post, we’ll go through a brief background of logs and metrics with Splunk, design principles behind the Metrics Workspace and do a quick round-up of features.
Splunk has been making machine data accessible, usable and valuable for over a decade by enabling ingestion and analysis of a variety of data. To that end—and with digital systems becoming more and more sophisticated—Splunk provided native support for metrics to collect time series data. New ways of ingesting metrics were introduced, including the latest Logs-to-Metrics feature. At this point, let’s quickly review metrics, which are a series of numbers generated at consistent time intervals.
A metric in Splunk has a time, name, measure (value) and dimensions. For example, a business analyst at a bike rental company could be interested in collecting and analyzing the following metrics every 30 minutes:
From the Mobile-App:
- # of availability Check Requests
- # Available
- # Unavailable
These metrics can have dimensions such as the different cities the rental company operates in, days of the week and types of users, which allow the analyst to dig deeper into the data to figure out trends, seasonality, correlations and any anomalous data points. Below is a snapshot of this data, and you can play with this test data, available for download from Splunkbase.
After speaking with users, it became obvious that metrics have a very short half-life and need to be consumed for analysis when they are fresh! That—coupled with a large number of metrics—demanded a solution that integrated metric discovery, quick analysis and actioning in a self-serve environment for business analysts. These design principles guided the creation and development of Metrics Workspace.
Another important aspect of complex systems or programs that beta users highlighted was that even though more and more metrics are being monitored, a lot of critical information for deeper analysis is still in the form of events and logs. Raw logs and related events are used for deeper analysis, and metrics analysis is becoming a starting point for this iterative analysis flow.
Splunk Metrics Workspace provides this iterative analysis flow in an intuitive and easy-to-use way. After selecting a specific time range for a set of metrics and optionally applying filters or splits, you can pull up related events from logs to look at the whole system during that time. This brings log events and metrics analysis into the same view.
A quick overview of features:
- Data panel auto-populates metrics which were active in the last 24 hrs (configurable)
- Search across metrics, accelerated datasets and alerts simultaneously
- Quick visualization of metrics with multiple types of aggregations, splits-by, filters, time comparison
- Create alerts, dashboard panels with backward linkage to Workspace from Dashboard and Alerts tabs for editing
- Find related events
What's next? We’ll be coming out with lots of cool features to make it easy for you to analyze metrics and datasets. Keep watching this space for more info!