Sideview Admin Tools
This app is just a place to put some unusual User Interfaces that we’ve developed for Splunk Administrators to use.
Possibly the most interesting and practical piece is the Violation Predictor, which has two parts. There’s a dashboard by that same name that charts your indexing so far today and attempts to extrapolate, based on the most recent 90 minutes of indexing, whether or not you’re going to blow your license today. By drilling down on the spikes in the chart you can see breakdowns by source/index/host and quite possibly go beat the right people with sticks so as to avoid the actual violation at midnight.
Other notable items include a TreeMap visualization of all your indexed data, which uses a prototype d3 module in Sideview Utils called TreeMap, as well as the Field Summarizer and the Search Exploder.
NOTE that this app requires Sideview Utils 3.3.9 or later.