Skip to content

Commit

Permalink
Added a dashboard POC
Browse files Browse the repository at this point in the history
  • Loading branch information
sbylica-splunk committed Jun 3, 2024
1 parent 31f5369 commit bdeeaab
Showing 1 changed file with 269 additions and 0 deletions.
269 changes: 269 additions & 0 deletions dashboards/dashboard.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,269 @@
<form version="1.1" theme="dark" hideEdit="false">
<label>PCF dashboard POC</label>
<fieldset submitButton="false"></fieldset>
<row>
<panel>
<title>Event count</title>
<chart>
<search>
<query>index=* sourcetype="cf:*" | timechart span=10m count </query>
<earliest>-24h</earliest>
<latest></latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<!--<title>Event count</title>-->
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Distributions of events by index</title>
<chart>
<search>
<query>index=* sourcetype="cf:*" | stats count by index</query>
<earliest>0</earliest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">pie</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">none</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">right</option>
<option name="charting.lineWidth">2</option>
<option name="height">331</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</chart>
</panel>
<panel>
<title>Total number of PCF events by index</title>
<table>
<search>
<query>index=* sourcetype="cf:*" | chart sparkline(count) AS "Indexes Trend" count AS Total BY index</query>
<earliest>0</earliest>
<latest></latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>
<row>
<panel>
<title>Events by sources</title>
<input type="time" token="source_time_range" searchWhenChanged="true">
<label>Time Range</label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
<chart>
<title>Events by source</title>
<search>
<query>index=* sourcetype="cf:*" | top source</query>
<earliest>$source_time_range.earliest$</earliest>
<latest>$source_time_range.latest$</latest>
</search>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.chart">pie</option>
<option name="charting.chart.showDataLabels">all</option>
<option name="charting.drilldown">none</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>Events by sourcetype</title>
<input type="time" token="source_time_range" searchWhenChanged="true">
<label>Time Range</label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
<chart>
<title>Events by sourcetype</title>
<search>
<query>index=* sourcetype="cf:*" | top sourcetype</query>
<earliest>$source_time_range.earliest$</earliest>
<latest>$source_time_range.latest$</latest>
</search>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.chart">pie</option>
<option name="charting.chart.showDataLabels">all</option>
<option name="charting.drilldown">none</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Internal Splunk errors count</title>
<chart>
<search>
<query>index=_internal component=HttpInputDataHandler (log_level="WARN" OR log_level="ERROR") | timechart span=10m count </query>
<earliest>-24h</earliest>
<latest></latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>Internal Splunk errors sample</title>
<table>
<search>
<query>index=_internal component=HttpInputDataHandler (log_level="WARN" OR log_level="ERROR") | table name,parsing_err</query>
<earliest>0</earliest>
<sampleRatio>1</sampleRatio>
</search>
<option name="drilldown">none</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</table>
</panel>
</row>

<row>
<panel>
<title>Nozzle errors count</title>
<chart>
<search>
<query>index=* sourcetype="cf:splunknozzle" message="*error*" | timechart span=10m count </query>
<earliest>-24h</earliest>
<latest></latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>Nozzle errors sample</title>
<table>
<search>
<query>index=* sourcetype="cf:splunknozzle" message="*error*" | table source,logger_source,message</query>
<earliest>0</earliest>
<sampleRatio>1</sampleRatio>
</search>
<option name="drilldown">none</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</table>
</panel>
</row>

<row>
<panel>
<title>Nozzle CPU usage</title>
<chart>
<search>
<query>| mstats avg("nozzle.usage.cpu") prestats=true WHERE "index"="pcf_metrics" span=10s | timechart avg("nozzle.usage.cpu") AS Avg span=10s | fields - _span* </query>
<earliest>-1h</earliest>
<latest></latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>

<row>
<panel>
<title>Nozzle RAM usage</title>
<chart>
<search>
<query>| mstats avg("nozzle.usage.ram") prestats=true WHERE "index"="pcf_metrics" span=10s | timechart avg("nozzle.usage.ram") AS Avg span=10s | fields - _span* </query>
<earliest>-1h</earliest>
<latest></latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>

<row>
<panel>
<title>Nozzle events sent</title>
<chart>
<search>
<query> | mstats rate_avg("firehose.events.received.count") as "Rate (Avg) /s" chart=true WHERE "index"="pcf_metrics" span=30s | fields - _span* </query>
<earliest>-1h</earliest>
<latest></latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>Nozzle events dropped</title>
<chart>
<search>
<query> | mstats rate_avg("firehose.events.dropped.count") as "Rate (Avg) /s" chart=true WHERE "index"="pcf_metrics" span=30s | fields - _span* </query>
<earliest>-1h</earliest>
<latest></latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>


</form>

0 comments on commit bdeeaab

Please sign in to comment.