Created
July 19, 2017 17:14
-
-
Save automine/1a4e55f8de6dab916fdc85c5a5855f60 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <dashboard> | |
| <label>Indexer Disk Usage</label> | |
| <row> | |
| <panel> | |
| <table> | |
| <title>Disk Usage by Indexer</title> | |
| <search> | |
| <query>| rest /services/server/status/partitions-space splunk_server_group=dmc_group_indexer | search mount_point=/data/* | eval usage = capacity - free | |
| | eval pct_usage = round(usage / capacity * 100, 2) | stats first(fs_type) as fs_type first(usage) as usage first(capacity) as capacity first(pct_usage) as pct_used by mount_point, splunk_server | eval splunk_server=lower(splunk_server)| table splunk_server mount_point usage capacity pct_used | sort splunk_server mount_point | addcoltotals | eval usage=round(usage/1024,2) | eval capacity=round(capacity/1024, 2) | rename usage AS "Usage (GB)" capacity AS "Capacity (GB)" splunk_server AS "Indexer" pct_used AS "Percent Used"</query> | |
| <earliest>$earliest$</earliest> | |
| <latest>$latest$</latest> | |
| <sampleRatio>1</sampleRatio> | |
| </search> | |
| <option name="count">20</option> | |
| <option name="dataOverlayMode">none</option> | |
| <option name="drilldown">cell</option> | |
| <option name="percentagesRow">false</option> | |
| <option name="rowNumbers">false</option> | |
| <option name="totalsRow">false</option> | |
| <option name="wrap">true</option> | |
| </table> | |
| </panel> | |
| <panel> | |
| <table> | |
| <title>Index Sizes</title> | |
| <search> | |
| <query>| rest splunk_server_group=dmc_group_indexer /services/data/indexes | |
| | join title splunk_server type=outer [| rest splunk_server_group=dmc_group_indexer /services/data/indexes-extended] | |
| | eval coldBucketSize = if(isnotnull('bucket_dirs.cold.bucket_size'), 'bucket_dirs.cold.bucket_size', 'bucket_dirs.cold.size') | |
| | eval coldBucketSizeGB = if(isnull(coldBucketSize), 0, round(coldBucketSize/ 1024, 2)) | |
| | eval homeBucketSizeGB = round((total_size - if(isnull(coldBucketSize), 0, coldBucketSize)) / 1024, 2) | |
| | eval homeBucketSizeGB = if(isnull(homeBucketSizeGB), 0, homeBucketSizeGB) | |
| | eval indexSizeGB = if(currentDBSizeMB >= 1 AND totalEventCount >=1, round(currentDBSizeMB/1024, 2), 0) | |
| | fillnull value=0 indexSizeGB, homeBucketSizeGB, coldBucketSize, coldBucketSizeGB | |
| | fields title, splunk_server, indexSizeGB, homeBucketSizeGB, coldBucketSize, coldBucketSizeGB, frozenTimePeriodInSecs | |
| | stats sum(indexSizeGB) AS "totalIndexGB" sum(homeBucketSizeGB) AS "totalWarmGB" sum(coldBucketSizeGB) AS "totalColdGB" values(frozenTimePeriodInSecs) AS frozenTimePeriodInSecs by title | |
| | rename title AS "Index" totalIndexGB AS "Total Index Size (GB)" totalWarmGB AS "Total Hot/Warm (GB)" totalColdGB AS "Total Cold (GB)" | addtotals col=t row=f labelfield=Index label="Total Index Usage" "Total Index Size (GB)" "Total Hot/Warm (GB)" "Total Cold (GB)" |sort - "Total Index Size (GB)" | eval "Frozen Time Period (days)" = frozenTimePeriodInSecs/86400 | fields - frozenTimePeriodInSecs</query> | |
| <earliest>0</earliest> | |
| <latest></latest> | |
| </search> | |
| <option name="count">20</option> | |
| </table> | |
| </panel> | |
| </row> | |
| <row> | |
| <panel> | |
| <table> | |
| <title>Data Model Acceleration Sizes</title> | |
| <search> | |
| <query>|rest servicesNS/-/-/data/models splunk_server_group=dmc_group_search_head | |
| | search acceleration="1" | |
| | table title eai:appName eai:userName splunk_server | |
| | rename eai:appName AS name| eval myDatamodel="DM_" . name . "_" . title | |
| |map maxsearches=50 search="|rest /servicesNS/nobody/-/admin/summarization/tstats:$$myDatamodel$$ splunk_server=$$splunk_server$$"|table eai:acl.app, summary.id, summary.size, summary.time_range, splunk_server |rename summary.time_range as retention_period eai:acl.app as app summary.size as size summary.id as datamodel|eval sizeGB=round(size/1024/1024/1024,2) | eval retention_period = retention_period/86400 |fields - size | lookup dmc_assets serverName AS splunk_server OUTPUT search_group | rex field=search_group "dmc_searchheadclustergroup_(?<cluster_guid>.*)" | eval search_head_cluster=coalesce(cluster_guid, splunk_server) | stats values(splunk_server) AS splunk_servers values(sizeGB) as sizeGB values(app) AS app values(search_group) AS search_groups values(retention_period) AS retention_period by datamodel search_head_cluster | table datamodel app splunk_servers search_head_cluster retention_period sizeGB | sort - sizeGB | eval search_head_cluster=if(splunk_servers==search_head_cluster,"None",search_head_cluster) | |
| | rename datamodel as "Data Model" app AS "App" "splunk_servers" as "Search Head(s)" search_head_cluster AS "Search Head Cluster" retention_period AS "Retention Period (days)" sizeGB AS "Usage (GB)"</query> | |
| <earliest>0</earliest> | |
| <latest></latest> | |
| </search> | |
| <option name="count">20</option> | |
| </table> | |
| </panel> | |
| </row> | |
| </dashboard> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment