Skip to content
Article

Meet Data Utilization

Data Utilization is an excellent companion Element to Data Management. While Data Management is focused on tracking ingests with metadata and awareness alerts, Data Utilization is centered on using automation to help Admins and Users track how Users, Scheduled Searches, and Dashboards are utilization data being ingested into Splunk.

How is this being used again?

Data Utilization helps Admins quickly identify how data is being used across their environment by users. By tracking how ad-hoc searches and scheduled searches are searching across all data, Data Utilization can highlight active data streams. Furthermore, Data Utilization investigates dashboards that have been used lately, and investigates what data is being utilized on each dashboard load. All of this comes together into an easy-to-understand report.

Admins can change the filter for the search, splitting the data by either index, for high level investigations, index-sourcetype, for normal baselines, and index-sourcetype-source to identify individual data points that slipped the cracks. Admins can select any one of these findings to learn more about its utilization.

Using Data Utilization, Admins can quickly identify who is searching a sourcetype, using what scheduled searches, and on what dashboards, and when! Admins can also inspect the SPL associated with each of these three options!

Make way for the new!

Data Utilization also offers a powerful perspective for Splunk Owners. By analyzing how data is being utilized, Admins can quickly identify any depreciated data streams that could be removed from Splunk. The benefits for this are evident, as it can make room for other ingests for more important use cases, or bring a deployment down below their license level, reducing Splunk operating costs. Another benefit is the reduction in technical debt, as Splunk Admins can now focus on data streams that matter for their users!

Conclusion

Data Utilization is a powerful tool, enabling Splunk Admins to quickly come to terms how their environment is being used by both Users and Scheduled Searches, while empowering Admins to jumpstart discussions for prioritizing data streams. With Data Utilization, Admins can more easily reduce license utilization while increasing visibility. 

Author