Introducing Resource Metrics: Elevate Your Insights with the New Workload Dashboard
Splunk is excited to introduce Resource Metrics in Workload Dashboard (WLD) — a modern and intuitive monitoring experience in the Cloud Monitoring Console (CMC) app. These new metrics are designed to complement the information that is available in the WLD Dashboard; Splunk Admins gain deeper insights into how much infrastructure capacity their Splunk deployment uses, as well as overall health and performance.
What are Resource Metrics?
Resource metrics are a set of new metrics that Splunk launched to increase administrators’ visibility into Splunk workloads using capacity (For example, memory, CPU, I/O, Cache) to understand how organizations are using resources in each Splunk Cloud Platform deployment. With these metrics, administrators can easily identify resource bottlenecks and optimize their capacity and SVC (Splunk Virtual Compute) usage.
These metrics exist across 2 areas:
-
Resource metrics for Indexers
- Indexer memory utilization: This shows the latest 90th percentile measurement of the memory utilized by all processes running across the time frame selected for all the indexer hosts
- Indexer cache churn: This shows the rate at which data is evicted from cache memory to make room for new data. It's a measure of cache downloaded as a percentage of total storage.
- Indexer CPU utilization: This shows the latest 90th percentile measurement of CPU utilization across all indexers
-
Resource metrics for Search Heads
- Search Head memory utilization: This shows the latest 90th percentile measurement of the memory utilized across search heads for the time selected.
- Search Head CPU utilization: This shows the latest 90th percentile measurement of CPU utilization across all search heads.
Why it Matters
Until today, Splunk Cloud Platform customers measured their capacity using the SVC (Splunk Virtual Compute) metric alone metric. The SVC usage metric on its own cannot efficiently explain why SVC consumption might increase without a corresponding rise in search or ingest activities, or why it might remain constant despite an increase in searches. Resource Metrics in the Workload Dashboard fill that gap and provide clear SVC insights to Admins unlocking control over workload utilization within their deployment.
Key Customer Value
This enhanced visibility empowers customers to:
- Understand Consumption: Gain a precise understanding of their resource usage, resolving previous ambiguities around SVC consumption.
- Diagnose Problems: Find answers to their capacity-related questions independently, increasing their efficiency.
- Optimize Usage: Make informed decisions about their Splunk Cloud Platform environments based on usage data, leading to better optimization and cost management.
- Increased Transparency: Experience greater transparency regarding their Splunk Cloud Platform resource consumption.
How can customers access the Resource Metrics?
Customers can access these metrics through the Overview and Workload dashboards.
Within the Overview dashboard, navigate to "Top Metrics" and select any of the five metrics within the "Resource Metrics" category. Customers can view these metrics and click on the drilldown link inside the top metric cards to access the Workload dashboard for further investigation.
The Workload dashboard displays resource metrics by default, complete with thresholds and recommendations for high values. Detailed visualizations are also available directly within the Workload dashboard for deeper analysis.
Interpretation of Resource Metrics
Elevated 60 - 80%
Critical ≥ 80%
- Data Ingest Latency
- Out of Memory errors
-
Reduce search workload by:
- Reducing search concurrency
- Reducing search time ranges, which will reduce runtime and might reduce concurrency
- Simplifying searches
-
Addressing blocked queues by reducing ingestion rate
-
Talk to your sales representative about adding more SVCs, which will add additional indexers.
Elevated 5 - 20%
Critical ≥ 20%
- Slow searches
- Scheduled search delays
- Optimize searches
- Talk to your sales representative about adding more SVCs, which will add indexers and increase cache capacity.
Elevated 60 - 80%
Critical ≥ 80%
- Ingest Delays
- Data Quality Issues
-
Reduce ingestion rate
-
Reduce search workload by:
- Reducing search concurrency
- Reducing search time ranges, which will reduce runtime and might reduce concurrency
- Simplifying searches
- Creating saved searches that summarize data
-
Talk to your sales representative about adding more SVCs, which will add additional indexers.
Elevated 60 - 80%
Critical ≥ 80%
- Scheduled search delays
- Ad hoc search interruptions
-
Reduce search workload by:
- Reducing search time ranges, which will reduce data scanned by searches and in turn might reduce memory usage
- Simplifying searches
-
Talk to your sales representative about adding more SVCs, which will add additional search heads.
Elevated 60 - 80%
Critical ≥ 80%
- Scheduled search delays
- Ad hoc search interruptions
-
Reduce search workload by:
- Reducing search concurrency
- Reducing search time ranges, which will reduce runtime and might reduce concurrency
- Simplifying searches
- Creating saved searches that summarize data
-
Talk to your sales representative about adding more SVCs, which will add additional search heads.
What's Next?
This release of Resource Metrics marks the exciting beginning of the new Workload Dashboard journey. We've just kick-started this evolution, and you can expect updates that will introduce new visualizations, that enhance visibility into these critical resource metrics, unlocking new ways that customers can monitor, troubleshoot, and predict their Splunk workloads.
Join this journey and share your feedback and ideas with us. Select the feedback button on your Workload dashboard and share your thoughts — we can't wait to hear from you!
To learn more about the Workload dashboard and the Cloud Monitoring Console (CMC), check out our comprehensive documentation.
Related Articles
Announcing Splunk Enterprise 10.2 & Splunk Cloud Platform 10.2 – Next Generation Querying & Analytics
Introducing SPL2: The Next-Generation Search & Data Preparation Language for Splunk
