Splunk Monitoring Dashboard
License Alert
splunk-license-messages
| search severity == "WARN" and msg == "*pool has exceeded*"
| stats count
Indexing Rate
splunk-search [ | rest /services/server/introspection/indexer ]
| eval average_KBps = round(double(average_KBps), 2)
| fields average_KBps
Index Size
splunk-indexes
| stats sum(current_db_size) as index_size
| eval index_size = round(index_size / 1024, 2)
Total Event Count
splunk-indexes
| stats sum(total_event_count) as event_count
Running Job Count
splunk-jobs
| search not(done)
| stats count
Disk Usage
splunk-search duration=1d [ | rest "/services/server/status/partitions-space" ]
| eval capacity = double(capacity), free = double(free), usage = capacity - free
| eval pct_usage = round(usage * 100 / capacity, 2)
| fields pct_usage
Running Jobs
splunk-jobs
| search not(done)
| eval done_progress = round(done_progress * 100, 2)
| fields profile, sid, done_progress, run_duration, earliest_time, latest_time, search, scan_count, event_count, result_count, disk_usage