Advisor Overview

The Advisor Overview modules provide a unified view of the health, risk, and capacity of your Kubernetes infrastructure — a single pane of glass for host machines as well as Kubernetes Clusters, Nodes, Namespaces, and Workloads across multiple environments. Overview shows metrics prioritized by event count and severity, allowing you to get to the root cause of the problem faster. You can easily filter by any of these entities and view associated events and health data.

Overview is not available by default on On-Prem deployments. To enable this feature, see Enabling Overview for On-Prem Deployments.

Accessing the Overview User Interface

To access Advisor Overview:

  1. Log in to Sysdig Monitor.

  2. In the left navigation bar, select Advisor > Overview, then select one of the Kubernetes entities:

About the Overview User Interface

This section describes the major components of the interface and the navigation options.

By default, the Overview interface opens to the Clusters page. However, when you have no Kubernetes clusters configured, the default landing page is Hosts.

When you reopen the Overview menu, the default view will be your last visited Overview page.

Overview Rows

Each row on an Overview page represents a Kubernetes entity: a cluster, node, namespace, or workload. Each Overview page shows 10 rows by default and a maximum of 100 rows. To display additional rows, select Load More.

Rows are sorted by the count and severity level of the events associated with the entity and are displayed in descending order.

Scope Editor

Scope Editor allows targeting down to a specific entity, such as a particular workload or namespace, in environments that may include thousands of entities. The levels of scope, determined by the Kubernetes hierarchy, progress from Workload up to Cluster, with Cluster at the top level. In smaller environments, using the Scope Editor is equivalent to clicking a single row in an Overview page where no scope has been applied.

Cluster: The highest level in the hierarchy. The only scope applied to the page is Cluster. It allows you to select a specific cluster from a list of available ones.

Node: The second level in the hierarchy. The scope is determined by Cluster and Node. Selection is narrowed down to a specific node in a selected cluster.

Namespace: The third level in the hierarchy. The scope is determined by Cluster and Namespace. Selection is narrowed down to a specific namespace in a selected cluster.

Workloads: The last entity in the hierarchy. The scope is initially determined by Cluster and Namespace, then the selection is narrowed to a specific Deployment, DaemonSet, or StatefulSet. Choosing all three options is not allowed.

Time Navigation

The Overview feed is always live and cannot be paused. The time range of Overviews is fixed at 12 hours. However, the gauge and compliance score widgets display the latest data sample, not an aggregation over the entire 12-hour time range.

Unified Stream of Events

Click an overview row to see relevant Events reflected in the event feed in the right panel. Each event is intelligently populated with end-to-end metadata to give context and enable troubleshooting.

Event Types

Overview renders the following event types:

  • Alert: See Alerts.

  • Custom: Ensure that Custom labels are enabled to view this type of event.

  • Containers: Events associated with containers.

  • Kubernetes: Events associated with Kubernetes infrastructure.

  • Sysdig: Events emitted by Sysdig about failing notification channels and deactivated alerts.

Event Statuses

Overview renders the following alert-generated event statuses:

  • Triggered: The alert condition has been met and still persists.

  • Resolved: A previously existing alert condition no longer persists.

  • Acknowledged: The event has been acknowledged by the intended recipient.

  • Un-acknowledged: The event has not been acknowledged by an intended recipient. All events are by default marked as Un-acknowledged.

  • Silenced: The alert event has been silenced for a specified scope. No alert notification will be sent out to the channels during the silenced window.

General Guidelines

First-Time Usage

  • If the environment is created for the first time, Sysdig Monitor fetches data and generates associated pages. The Overview feature is enabled immediately; however, it can take up to 1 hour for the Overview pages to show the necessary data.

  • Overview uses time windows in segments of 1 hour, 6 hours, and 1 day. Data appears in each time window only after the corresponding amount of time has passed.

  • If not enough data is available during the first hour, the “No Data Available” page is shown until the first hour passes.

Enabling Overview for On-Prem Deployments

The Overview feature is not available by default on On-Prem deployments. Use the following API to enable it:

  1. Get the Beta settings as follows:

    curl -X GET 'https://<Sysdig URL>/api/on-prem/settings/overviews' \
    -H 'Authorization: Bearer <GLOBAL_SUPER_ADMIN_SDC_TOKEN>' \
    -H 'X-Sysdig-Product: SDC' -k
    

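    Replace <Sysdig URL> with the Sysdig URL associated with your deployment and <GLOBAL_SUPER_ADMIN_SDC_TOKEN> with the SDC token associated with your deployment. The -k flag disables TLS certificate verification; omit it when your deployment presents a certificate that curl trusts.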

  2. Copy the payload and change the desired values in the settings.

  3. Update the settings as follows:

    curl -X PUT 'https://<Sysdig URL>/api/on-prem/settings/overview' \
    -H 'Authorization: Bearer <GLOBAL_SUPER_ADMIN_SDC_TOKEN>' \
    -H 'X-Sysdig-Product: SDC' \
    -d '{  "overviews": true,  "eventScopeExpansion": true}'
    

Feature Flags

  • overviews: Set overviews to true to enable the backend components and the UI.

  • eventScopeExpansion: Set eventScopeExpansion to true to enable scope expansion for all the Event types.