Skip to main content
Skip table of contents

KB 96 - Splunk PowerConnect App Data Model Information

KB 96 (Splunk): Splunk PowerConnect App Data Model Information

Category: Information

Platform: Splunk

Priority: Normal

Version: 1 from 23.03.2021

Description

A data model defines fields that create a schema and it can be thought of as a collection of structured information that generates different kinds of searches. 

Data model acceleration is a feature that you can use to speed up data models by creating summaries of the datasets. After acceleration, searches based on accelerated data model datasets complete quicker than they did before, as do reports and dashboard panels that are based on those searches. 

The PowerConnect Splunkbase app contains the following datamodels and beside them are the dashboards which use that datamodel:

Datamodel 

Dashboards 

SAP_ABAP_AL08 

  1. Time Machine Dashboard 

  2. Users logged in 

SAP_ABAP_SM37 

  1. Batch Jobs 

  2. Time Machine Dashboard 

SAP_ABAP_STAD3 

  1. SAP Global STAD 

  2. STAD by Instance by Instance 

  3. Time Machine Dashboard 

  4. User Experience(Geo) 

Weekly Usage Statistics 

  1. Weekly usage statistics 

SAP Production Systems 

  1. CPU vs. Work Processes 

  2. Landscape Overview 

  3. System Overview 

  4. Time Machine Dashboard 

  5. User Experience (Geo) 

Configuration

Data Model Acceleration is disabled by default. Admin can enable acceleration and set the acceleration period by the following steps: 

  1. On Splunk's menu bar, Click on Settings -> Data models 

  2. From the list for Data models, click "Edit" in the "Action" column of the row for the Data model for which acceleration needs to be enabled. 

  3. From the list of actions select Edit Acceleration. This will display the pop-up menu for Edit Acceleration. 

  4. Check Accelerate check box to "Enable" data model acceleration. 

  5. If acceleration is enabled, select the summary range to specify the acceleration period. (Note: This is the time range for which summaries are created. Running search inclusively on this time range will use the summaries and result faster than normal search) 

  6. To save acceleration changes click on the save button. 

Troubleshooting

Splunk recommends 12 CPU cores at 2Ghz or greater speed per core 12GB RAM for proper deployment of Splunk Enterprise. In case the system does not meet these requirements, it may be possible that the acceleration does not happen properly due to the searches getting skipped. The following steps can be followed for troubleshooting: 

  1. On Splunk's menu bar, Click on Settings -> Monitoring Console 

  2. On the Monitoring Console’s menu bar, Click on Search -> Scheduler Activity: Instance 

  3. One can determine the searches which have skipped by looking at the panels namely ‘Skip Ratio (Last Hour)’, ‘Count of Scheduler Executions Over Time’, ‘Count of Skipped Reports Over Time’ and ‘Count of Skipped Reports by Name and Reason’ 

  4. If searches are getting skipped, then following step should be taken to decrease the number of concurrent searches at a given time: 

  5. Open $SPLUNK_HOME -> etc -> apps -> bnw-app-powerconnect-> local -> datamodels.conf (create if not existing) 

  6. Add the following parameter in the datamodels.conf file in the specific datamodel stanza or in a new [default] stanza for global setting: 

    1. acceleration.allow_skew = <percentage>|<duration-specifier>

    2. Where percentage and  duration-specifier have a non-zero value. Examples include- 100%, 3m etc.

  7. Even after that the above step, if searches are getting skipped, then upgrade the core count to the recommended value to allow more concurrent searches at a time. 

Product version

Product

From

To

PowerConnect [NW,S4HANA,S4HANA Cloud]

[Affected version from]

[Affected version to]

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close