Heatwave is a time-based heatmap visualization. It operates on both historical/static data, as well as streamed/real-time data.
From Heatwave, you can see the distribution of measures in bucketed ranges on the y-axis, with time on the x-axis. Heatwave is vastly superior to the standard visualizations graphing derived measures avg/min/max/std, because Heatwave will show the actual spread and distribution of those measures (like a histogram) over time.
A canonical use case is to measure performance metrics such as throughput, or latency values. By using Heatwave, you can often see "clusters" that show up as "bands" over time, usually indicating underlying attribute influencing the metrics. From what you see in Heatwave, you can then drill down or filter in order to find the root cause of performance issues evidenced by the data.
Splunk-heatwave-viz is both an app, and a module that you can integrate in your own dashboards. The app comes with a visualization module and a drill down module that enables you to specify drill down queries similar to that of splunk's own hidden search module. The module also comes with a threshold search command with which you can set an upper and lower bound for the data to be visualized. The heatwave module and the drill down module comes with a set of parameters that can be applied though the xml.
Heatwave
title: Specifies title for the heat map plot. upperColorLimit: Specifies upper color for the color range of the plotted heat map. lowerColorLimit: Specifies lower color for the color range of the plotted heat map. colorScale: Specifies type of scale used for heat map coloring. Can be linear or log, default is log.
HeatwaveDrilldown
search: The literal search string HiddenSearch passes onto its child modules. earliest: This is used to define a beginning time range. It is expected if 'latest' is also defined. It sets the start point of the time range to search within. latest: This is used to define an ending time range. It is expected if 'earliest' is also defined. It sets the ending point of the time range to search within.
Splunk is the premier technology for gaining Operational Intelligence on Machine Data. Since it can handle large volume of data at a fast rate, often times users will only want to analyze recent data, and data that is beyond a certain range, or data in realtime.
- Download Splunk for your platform.
- Unpack/Install Splunk by running the downloaded files.
- Follow the instruction on the screen.
Splunk-heatwave-viz can either be installed directly from splunkbase or downloaded from github.
- If you install it from splunkbase all you have to do is follow the instructions on your screen.
- If you download it from splunkbase then extract the files into: SPLUNK_HOME/etc/apps/
- If you download it from github then go to your apps directory: SPLUNK_HOME/etc/apps/ Download the app: git clone https://github.com/splunk/splunk-heatwave-viz.git *You might have to restart splunk in order to apply the changes.
In the following example we will view the percentage load of a cpu over time, with relation to the top 30 processes that are running during the specified timespan.
The above visualization and flow provides you with a superior way of visualizing metrics compared to more standard metrics such as mean, min, max, and standard deviation.
The following example visualizes the number of commit for a set of git-repositories.
From these four Heatwave tiles we can notice a couple of different trends. For example when the job starts and ends, which nodes have overloaded and underloaded disk usage, as well as a I/O anomaly.