diff --git a/dashboards/dashboard.xml b/dashboards/dashboard.xml new file mode 100644 index 00000000..af5318e7 --- /dev/null +++ b/dashboards/dashboard.xml @@ -0,0 +1,263 @@ +
+ +
+ + + + -24h@h + now + + + + + * + * + + + + * + * + +
+ + + Event count + + + index=$index_token$ sourcetype="cf:*" | timechart span=10m count + $main_time_range.earliest$ + $main_time_range.latest$ + 5m + delay + + + + + + + + + + Distributions of events by index + + + index=$index_token$ sourcetype="cf:*" | stats count by index + $main_time_range.earliest$ + $main_time_range.latest$ + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Total number of PCF events by index + + + index=$index_token$ sourcetype="cf:*" | chart sparkline(count) AS "Indexes Trend" count AS Total BY index + $main_time_range.earliest$ + $main_time_range.latest$ + 1 + + + + + + + + + +
+
+
+ + + Events by sources + + Events by source + + index=$index_token$ sourcetype="cf:*" | top source + $main_time_range.earliest$ + $main_time_range.latest$ + + + + + + + + + + + Events by sourcetype + + Events by sourcetype + + index=$index_token$ sourcetype="cf:*" | top sourcetype + $main_time_range.earliest$ + $main_time_range.latest$ + + + + + + + + + + + + + Internal Splunk errors count + + + index=_internal component=HttpInputDataHandler (log_level="WARN" OR log_level="ERROR") | timechart span=10m count + $main_time_range.earliest$ + $main_time_range.latest$ + 5m + delay + + + + + + + + Internal Splunk errors sample + + + index=_internal component=HttpInputDataHandler (log_level="WARN" OR log_level="ERROR") | table name,parsing_err | stats count by name,parsing_err + $main_time_range.earliest$ + $main_time_range.latest$ + 1 + + + + + +
+
+
+ + + Nozzle errors count + + + index=$index_token$ sourcetype="cf:splunknozzle" message="*error*" | timechart span=10m count + $main_time_range.earliest$ + $main_time_range.latest$ + 5m + delay + + + + + + + + Nozzle errors sample + + + index=$index_token$ sourcetype="cf:splunknozzle" message="*error*" | table source,logger_source,message | stats count by source,logger_source,message + $main_time_range.earliest$ + $main_time_range.latest$ + 1 + + + + + +
+
+
+ + + Nozzle CPU usage + + + | mstats avg("nozzle.usage.cpu") prestats=true WHERE "index"=$metrics_index_token$ span=10s | timechart avg("nozzle.usage.cpu") AS Avg span=10s | fields - _span* + $main_time_range.earliest$ + $main_time_range.latest$ + 5m + delay + + + + + + + + + + Nozzle RAM usage + + + | mstats avg("nozzle.usage.ram") prestats=true WHERE "index"=$metrics_index_token$ span=10s | timechart avg("nozzle.usage.ram") AS Avg span=10s | fields - _span* + $main_time_range.earliest$ + $main_time_range.latest$ + 5m + delay + + + + + + + + + + Nozzle events sent + + + | mstats rate_avg("firehose.events.received.count") as "Rate (Avg) /s" chart=true WHERE "index"=$metrics_index_token$ span=30s | fields - _span* + $main_time_range.earliest$ + $main_time_range.latest$ + 5m + delay + + + + + + + + Nozzle events dropped + + + | mstats rate_avg("firehose.events.dropped.count") as "Rate (Avg) /s" chart=true WHERE "index"=$metrics_index_token$ span=30s | fields - _span* + $main_time_range.earliest$ + $main_time_range.latest$ + 5m + delay + + + + + + + +
\ No newline at end of file