Latest version: 0.1.2

Sideview Admin Tools

The License Monitor page will notice recent spikes and extrapolate out whether you're going to exceed your license today.   Next »
The Indexed data inspector gives you some unusual tools to analyze sizes in your indexed data.   Next »

Take the Next Step

App Details

Latest version: 0.1.2
Last updated: Feb 5th 2016
First released: Feb 5th 2016

This app is just a place to put some unusual User Interfaces that we’ve developed for Splunk Administrators to use.

Possibly the most interesting and practical piece is the Violation Predictor, which has two parts. There’s a dashboard by that same name that charts your indexing so far today, and attempts to extrapolate based on the most recent 90 minutes of indexing, whether or not you’re going to blow your license today. By drilling down on the spikes in the chart you can see breakdowns by source/index/host and quite possibly go beat the right people with sticks so as to avoid the actual violation at midnight.

Other notable items include a TreeMap visualization of all your indexed data. This uses a prototype d3 module in Sideview Utils called TreeMap. Also the Field Summarizer and the Search Exploder.

NOTE that this app requires Sideivew Utils 3.3.9 or later.