Monitoring and gaining additional insights about usage of your Splunk Cloud Platform deployment is essential for effective management as a Splunk admin. Your Splunk Cloud comes with the Cloud Monitoring Console (CMC) app, which displays relevant information about the status of your Splunk Cloud environment using pre-built dashboards. Like your organization, we’re constantly evolving: our latest CMC release includes three new dashboards to help you better understand and manage your license subscription limits.
Three new dashboards have been added to the License Usage menu of the CMC app: Storage Summary, Searchable Storage (DDAS), and Archive Storage (DDAA). The dashboards provide comprehensive entitlement, usage, and data restoration overviews to help Splunk Cloud Platform administrators better manage their organizations’ license limits.
Let’s take a moment to learn more about these dashboards:
You can think of the Storage Summary Dashboard as your one-stop shop. From this panel you can view both searchable (DDAS) and archive (DDAA) storage license usage to help your organization stay within its licensed subscription limits. The Storage Summary Dashboard also provides an overview of your data retention based on the uncompressed data you have indexed. There are panels showing percentage of usage compared to your searchable and archive license entitlement, and the panels are color-coded to alert you to your organization’s usage status: green indicates usage is well under your entitlement limit, yellow indicates that usage is > 80% of your entitlement limit, and red indicates usage > 90%, at which point you’re at risk of exceeding your entitlement limit. A yellow or red status indicates that you need to investigate your storage usage and take action to make it more efficient, or upgrade your usage subscription. Examples of taking action include adjusting an index’s searchable time parameter, or adjusting how long an index will retain archived data.
Here we see an example of a healthy usage status from the Storage Summary Dashboard.
The Searchable Storage dashboard contains overlapping panels from the Storage Summary Dashboard, but it dives deeper into DDAS usage. Dynamic Data Active Searchable (DDAS) is used for searching ingested data. DDAS is also commonly known as searchable storage. The Searchable Storage dashboard shows comprehensive DDAS license usage data so Splunk Cloud Platform administrators can ensure their organization stays within its licensed subscription limits. It also contains panels to show the amount of searchable storage used by all applicable indexes compared to your entitlement limit, along with the top 10 indexes that are the highest consumers of searchable storage. It also provides a tabular overview of searchable storage details per index that allows you to determine which indexes are high consumers of storage, and also understand general usage patterns and trends.
In this example we see the top 10 highest consumers of searchable storage in the bottom right. The storage usage is greater than 80% and yellow, which means the usage of this stack merits an investigation.
The Archive Storage dashboard also contains overlapping panels from the Storage Summary Dashboard, but it dives deeper into Dynamic Data Active Archive (DDAA) usage. DDAA is used as long-term storage, and data in DDAA can be restored in order to search. For Splunk Cloud Platform administrators this dashboard shows information about your archived data for indexes that are enabled with DDAA. You can review the information on this dashboard to ensure that you are staying within your subscribed limits for data ingestion and retention. This dashboard also contains panels to show the amount of archive storage used by all applicable indexes compared to your entitlement limit, along with the top 10 indexes that are high consumers of searchable storage. It also shows a summary of restoration activity for all of your deployment's indexes that are enabled with the DDAA feature from the last 90 days.
As a Splunk admin you can use this dashboard to review the restoration totals and determine if the amount of data restored, cleared, and expired in your deployment meets or exceeds your organization's actual requirements. For example, a high total for restored data or low total for cleared or expired data may indicate the need to re-evaluate your index management policies and procedures. This helps you ensure that you are restoring and retaining only the data that your organization truly needs.
This example looks very similar to the DDAS dashboard overview with the exception that it shows archive storage versus searchable storage. The green status denotes a healthy archive storage status.
Your Splunk Cloud offering comes with the Cloud Monitoring Console (CMC) app preinstalled. Once logged into your Splunk environment, follow these steps to access these three new dashboards:
1. Log in to your Splunk Cloud Platform.
2. Once logged in, navigate to the left panel to find Cloud Monitoring Console under the Apps section. From here you can click on Cloud Monitoring Console to open the CMC app.
3. Once the CMC app is launched you can select the Storage Summary, Searchable Storage (DDAS), and Archive Storage (DDAA) dashboards to view them.
We know that as Splunk administrators your time is precious, and our goal is to always keep you informed about your stack health before it can cause interruption downstream. Try the CMC app and the new storage dashboards today to ensure your continued success with Splunk.
You can read more about license usage dashboards and the CMC here.