Skip to content

Commit

Permalink
Added a PCF dashboard (#372)
Browse files Browse the repository at this point in the history 
* Added a dashboard POC
  • Loading branch information
@sbylica-splunk
sbylica-splunk authored Jul 2, 2024
1 parent 31f5369 commit a0eafb9
Showing 1 changed file with 263 additions and 0 deletions.
263 changes: 263 additions & 0 deletions dashboards/dashboard.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,263 @@
<form version="1.1" hideEdit="false">
<label>PCF dashboard</label>
<fieldset submitButton="false">
<input type="time" token="main_time_range" searchWhenChanged="true">
<label>Time range</label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
<input type="text" token="index_token" searchWhenChanged="true">
<label>Index</label>
<default>*</default>
<initialValue>*</initialValue>
</input>
<input type="text" token="metrics_index_token" searchWhenChanged="true">
<label>Metrics index</label>
<default>*</default>
<initialValue>*</initialValue>
</input>
</fieldset>
<row>
<panel>
<title>Event count</title>
<chart>
<search>
<query>index=$index_token$ sourcetype="cf:*" | timechart span=10m count </query>
<earliest>$main_time_range.earliest$</earliest>
<latest>$main_time_range.latest$</latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Distributions of events by index</title>
<chart>
<search>
<query>index=$index_token$ sourcetype="cf:*" | stats count by index</query>
<earliest>$main_time_range.earliest$</earliest>
<latest>$main_time_range.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">pie</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">none</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.lineWidth">2</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>Total number of PCF events by index</title>
<table>
<search>
<query>index=$index_token$ sourcetype="cf:*" | chart sparkline(count) AS "Indexes Trend" count AS Total BY index</query>
<earliest>$main_time_range.earliest$</earliest>
<latest>$main_time_range.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>
<row>
<panel>
<title>Events by sources</title>
<chart>
<title>Events by source</title>
<search>
<query>index=$index_token$ sourcetype="cf:*" | top source</query>
<earliest>$main_time_range.earliest$</earliest>
<latest>$main_time_range.latest$</latest>
</search>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.chart">pie</option>
<option name="charting.chart.showDataLabels">all</option>
<option name="charting.drilldown">none</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>Events by sourcetype</title>
<chart>
<title>Events by sourcetype</title>
<search>
<query>index=$index_token$ sourcetype="cf:*" | top sourcetype</query>
<earliest>$main_time_range.earliest$</earliest>
<latest>$main_time_range.latest$</latest>
</search>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.chart">pie</option>
<option name="charting.chart.showDataLabels">all</option>
<option name="charting.drilldown">none</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Internal Splunk errors count</title>
<chart>
<search>
<query>index=_internal component=HttpInputDataHandler (log_level="WARN" OR log_level="ERROR") | timechart span=10m count </query>
<earliest>$main_time_range.earliest$</earliest>
<latest>$main_time_range.latest$</latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>Internal Splunk errors sample</title>
<table>
<search>
<query>index=_internal component=HttpInputDataHandler (log_level="WARN" OR log_level="ERROR") | table name,parsing_err | stats count by name,parsing_err </query>
<earliest>$main_time_range.earliest$</earliest>
<latest>$main_time_range.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="drilldown">none</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</table>
</panel>
</row>
<row>
<panel>
<title>Nozzle errors count</title>
<chart>
<search>
<query>index=$index_token$ sourcetype="cf:splunknozzle" message="*error*" | timechart span=10m count </query>
<earliest>$main_time_range.earliest$</earliest>
<latest>$main_time_range.latest$</latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>Nozzle errors sample</title>
<table>
<search>
<query>index=$index_token$ sourcetype="cf:splunknozzle" message="*error*" | table source,logger_source,message | stats count by source,logger_source,message </query>
<earliest>$main_time_range.earliest$</earliest>
<latest>$main_time_range.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="drilldown">none</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</table>
</panel>
</row>
<row>
<panel>
<title>Nozzle CPU usage</title>
<chart>
<search>
<query>| mstats avg("nozzle.usage.cpu") prestats=true WHERE "index"=$metrics_index_token$ span=10s | timechart avg("nozzle.usage.cpu") AS Avg span=10s | fields - _span* </query>
<earliest>$main_time_range.earliest$</earliest>
<latest>$main_time_range.latest$</latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Nozzle RAM usage</title>
<chart>
<search>
<query>| mstats avg("nozzle.usage.ram") prestats=true WHERE "index"=$metrics_index_token$ span=10s | timechart avg("nozzle.usage.ram") AS Avg span=10s | fields - _span* </query>
<earliest>$main_time_range.earliest$</earliest>
<latest>$main_time_range.latest$</latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Nozzle events sent</title>
<chart>
<search>
<query> | mstats rate_avg("firehose.events.received.count") as "Rate (Avg) /s" chart=true WHERE "index"=$metrics_index_token$ span=30s | fields - _span* </query>
<earliest>$main_time_range.earliest$</earliest>
<latest>$main_time_range.latest$</latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
<panel>
<title>Nozzle events dropped</title>
<chart>
<search>
<query> | mstats rate_avg("firehose.events.dropped.count") as "Rate (Avg) /s" chart=true WHERE "index"=$metrics_index_token$ span=30s | fields - _span* </query>
<earliest>$main_time_range.earliest$</earliest>
<latest>$main_time_range.latest$</latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
</form>

0 comments on commit a0eafb9

Please sign in to comment.