Pre-built Splunk Dashboards for Kubernetes & OpenShift

Stop building Kubernetes dashboards. We did it for you.

Every alternative — Splunk Connect for Kubernetes, OpenTelemetry, Fluent Bit, vendor agents — ships data. Collectord ships a complete Splunk app: 50+ dashboards, 39+ pre-configured alerts, search macros, lookups, and field extractions for Kubernetes, OpenShift, and Docker.

Install in ten minutes. Start investigating in the eleventh.

What’s in the app

The full app is organized around real operational workflows: investigating an incident, planning capacity, auditing a change, monitoring control-plane health.

Events and workload investigation

The 26.04 release brought a complete redesign of event-investigation dashboards. Five views designed around real triage workflows, replacing the legacy single Events page.

⤢

Events Overview

High-level KPIs — warning events, critical conditions, failed scheduling, namespaces with warnings. Drill down into specialized views.

⤢

Events Timeline

Main event search and filtering interface — severity classification, color-coded rows, filters for cluster, namespace, kind, reason.

⤢

Workload Failures

CrashLoopBackOff, OOMKilled, image pull failures, probe failures — count KPIs and detailed tables for each.

⤢

Scheduling and Node Health

FailedScheduling, NodeNotReady, evictions, and node pressure events (Memory, Disk, PID).

⤢

Recurring Problems

7-day window surfacing patterns: top recurring warnings, problematic workloads, namespaces with the most warnings.

Capacity and resource usage

Answer “are we full?” and “are we wasteful?” without writing SPL.

⤢

Allocatable Resources

Cluster headroom — allocatable vs requested vs actual, by node and namespace. Capacity-planning anchor view.

⤢

Top: Pods

Outlier finder — heaviest pods by CPU, memory, network, and restarts. Filter by namespace.

⤢

Top: Containers

Same shape as Top Pods, scoped to containers — useful for multi-container pods and noisy-sidecar detection.

⤢

Top: Hosts

Per-node ranking by load, memory, and network. Pair with Allocatable Resources to find lopsided nodes.

⤢

Top: Processes

Heaviest processes across all hosts — CPU, memory, IO. Catches runaway sidecars and host-level offenders.

Workloads and pods

Per-resource drill-downs — every Kubernetes workload type gets its own view, populated from real cluster data.

⤢

Pod

Per-pod metrics, logs, events, conditions, restarts — single pane for any pod investigation.

⤢

Deployments

Rollout status, replica counts, conditions, container restarts and resource usage rolled up across the Deployment's pods.

⤢

StatefulSets

Stateful workload health — ordered pods, replica status, per-replica metrics, and PVC bindings.

⤢

DaemonSets

Per-node coverage, desired vs ready counts, resource usage per node — the dashboard you need for node agents.

⤢

Jobs

Run history, success/failure ratios, duration trends, last-completed timestamps for one-shot and parallel jobs.

⤢

CronJobs

Schedule history, run latencies, failure tracking — find the cron that's been silently failing for a week.

Cluster overview

Roll-ups across the cluster — what’s running, where, and how it’s doing.

⤢

Overview

The cluster health front page — alerts, KPIs across nodes, workloads, and events. Where on-call lands first.

⤢

Hosts

Per-node inventory and health — load, memory, network, disk, kubelet status, conditions.

⤢

Namespaces

Per-namespace usage, workload counts, resource quotas. Tenant breakdown across the cluster.

Control plane

Visibility into the components that keep your cluster running — every Prometheus metric exposed by the control plane, parsed and graphed.

⤢

Kubernetes API Server

Request rate, latency percentiles, error rates, certificate expiry, and active watches.

⤢

etcd

Leader status, fsync/commit durations, GRPC health, fd usage, failed proposals — the eight signals that matter.

⤢

Kubelet

Per-node kubelet health — runtime operations, image GC, volume operations, pod lifecycle latencies.

⤢

Scheduler

Scheduling latency, attempts, e2e duration. Pair with FailedScheduling event analysis.

⤢

Controller Manager

Workqueue depth and latency, leader election state, reconciliation rates.

Performance — CPU, memory, disk, network

Host- and container-level performance dashboards across every cluster node.

⤢

CPU

Throttled vs limits vs requests, per-container CPU usage. Find CFS-throttled containers fast.

⤢

Disk Stats

Per-device and per-mount IOPS, throughput, queue depth, and latency.

⤢

Network

Per-pod and per-host RX/TX with geographic mapping of remote endpoints. Pair with Network Connections for security investigation.

⤢

Storage

PVC usage, mount stats, growth trends. Tied to the "PVC space low" alert.

Audit, security, and compliance

Inventory privileged workloads, trace every audit event, see who connected to what.

⤢

Audit (overview)

Cluster-wide Kubernetes audit log analysis — verbs, resources, namespaces, response codes.

⤢

Audit (users and namespaces)

Per-user activity timelines. "Who exec'd into what, when." SOC-friendly drill-downs.

⤢

Privileged Containers

Inventory of privileged pods, capabilities, hostPath, hostNetwork — the container-escape surface.

⤢

Pod Security Posture

Pod-level security posture — runAsNonRoot, readOnlyRootFilesystem, allowPrivilegeEscalation, capabilities, seccomp, and AppArmor profiles.

⤢

Network Connections

Inbound and outbound connections per pod, including external destinations.

⤢

Network Traffic

Volume by source/destination/port, geographic mapping, top-talker pods. Pair with Connections for full network visibility.

Specialized views

GPU monitoring, custom application metrics, Kubernetes object streaming.

⤢

NVIDIA GPU

GPU utilization, memory, SM activity, power draw, temperature. ML/AI workload visibility.

⤢

Prometheus Metrics

Visualize per-pod metrics scraped via annotations — your application metrics in Splunk alongside infrastructure.

⤢

Kubernetes Objects

Stream any K8s API object type into Splunk — Secrets, ConfigMaps, Deployments — and search their state and changes alongside logs and events.

Dashboard ×

Plus 39+ pre-configured alerts

The app installs alerts the same way it installs dashboards — out of the box, no SPL writing required.

A sampling of what’s included:

• Control plane: Kubernetes API down / 5xx / latency / cert expiry, etcd no leader / leader churn / slow fsync / failed proposals / fd usage / GRPC errors, Controller Manager down, Kubelet down
• Workload: container CPU throttled, high container memory, high host CPU, high host memory, CoreDNS panics
• Capacity: pods capacity on node, node reservation > 90%, PVC space low, kubelet runtime disk space low
• Cluster health: unhealthy nodes, node conditions, mismatched K8s/kubelet versions, constant warning events
• Operational hygiene: Collectord errors / lag, license usage and expiration

Each alert has a recommended severity, suppression window, and dispatch — install once and they start firing on real conditions.

→ Full alert reference for Kubernetes · for OpenShift · for Docker

How it gets there

Every dashboard is powered by data Collectord auto-collects from your cluster:

• Container logs from every node (no sidecars)
• Container, host, process, and network metrics
• Kubernetes events from the API server
• Optional Kubernetes audit logs
• Optional Prometheus metrics from any pod (via annotations)
• Optional Kubernetes objects (Secrets, ConfigMaps, etc.) streamed as data

Install Collectord and the Splunk app once, and every dashboard above lights up with live data. No per-dashboard configuration, no per-cluster wiring.

→ Installation in 10 minutes · How Collectord compares to Splunk Connect for Kubernetes and OpenTelemetry Collector