Why are metrics producing the wrong value for host field?
Hello, I deployed a Splunk APP that listens to TCP in port 7001, protocol starts with the following code: inputs.conf: tcp:7001] index = metrics sourcetype = statsd And I have in...
View ArticleHow to get Windows counter into metrics
Hi, I'm trying to ingest Windows perf data into Splunk, ingestion to event index with the following conf works fine: [perfmon://Processor] counters = * disabled = 0 interval = 30 index = myeventindex...
View ArticleSplunk_TA_Windows 6.0.0 Metrics index?
All, I am currently a Splunk_TA_windows 4.8x customer and source="Perfmon:Process" is just destroying my disk space and license. I've been told metrics is the way to go for these values. I am looking...
View ArticleHow can I keep an event AND get a metric at index time?
All, I see a few examples on convert an event received into a metric. Is there a way to say keep an apache log and create a metric of the stratus? thanks -Daniel
View ArticleSplunk Add-on for Amazon Web Services: How to collect cloudwatch metrics that...
The cloudwatch metrics for CodeBuild service in AWS does not have a metric dimension when you want to get the metrics for this service across the whole account. How do I configure the inputs.conf of...
View ArticleSplunk Supporting Add-on for Active Directory: How to introduce this as a...
Hello, I have chosen "Splunk supporting Add-on for Active Directory" to perform LDAP search to my Fedora Directory Server. Now I would like to monitor the parameters inside `cn=monitor`. A search like:...
View ArticleMetrics Button Share
All, After installing the Anlaytics Workspace app I would like the metrics button to appear in one of my custom apps. How can I share this out?
View ArticleI already have a source of gauged metrics accessible by http. How can Splunk...
I already have a source of gauged metrics accessible by http. How can Splunk PULL those? I cannot PUSH those metrics. They look like this when the endpoint is invoked: metric_a 10.0 metric_b 0.02...
View Articlefeed Splunk App for Windows Infrastructure without forwarders?
I have a situation where management wants to see server status of some remote deployed servers, but due mostly to politics, installing forwarders on these machines to push metrics back to our Indexer...
View ArticleChart multiple series in Splunk 7.3: what's new?
The [Splunk 7.3 release notes][1] describe the following "what's new" item: > **Chart multiple series** > Co-analyze multiple related metrics easily in the same view and create sophisticated...
View Articlehelp with mstats needed
Hello, I have a metric index reflecting the OS kpis (unix nmon tool). In order to process the data with ML algorithms, I would like to extract it in the following form: _time, metric1, metric2, ....,...
View ArticleCan't query for Metrics
I have create a metric Index called "my_metric_index". I see, that the index is populated with events. I have added the role "metrics_user" and added the capability of "list_metrics_catalog" to the new...
View ArticleHelp estimating cost of metrics in Splunk?
All, I am trying to get my head around host much Splunk costs for metric points. I have three metric indexes and let's assume Splunk costs me $1000 a gig. (it doesn't, but need a round number to work...
View ArticleMetrics vs Events
Is there a way to use the results of a metrics search as a field value(s) for an event search? For example, a specific metrics search will display a list of hosts that meet a certain criteria. I would...
View ArticleMetrics collecting bash scripts generating triggering too many auditd alerts
Hi, We're using a simplified version of the Splunk_TA_nix app (basically just a subset of the bash scripts) to collect system metrics such as CPU memory disk usages; It works well, but the problem is...
View ArticleDetermine which Active servers with Universal Forwarder areNOT sending logs...
We have a bunch of servers with UFs installed. These servers may have different operational states. For example, "Active", "Build in Progress", "Decommissioned", and "Decom in Progress". We use...
View Articlemetrics - if field not present in raw data how to add it with default value?
In the data source I am ingesting it can happen that one of the fields is not present from time to time. The issue is when I am running a search on it and if I add that dimension to the query that...
View ArticleIs it possible to create a drop down menu to list hosts for a metric based...
Is it possible to display hosts in a drop down menu to control a dashboard that displays metrics like CPU USAGE that are indexed as metrics and not events. These are currently indexed as metrics and...
View ArticleSet up log-to-metrics from Universal Forwarder to Splunk Enterprise
I've followed the docs for setting up log-to-metrics but I haven't been able to get it to work as intended. I have a CSV file being monitored by a universal forwarder that then gets sent to Splunk...
View ArticleSending an indexer directly instead of a forwarder?
Couple of questions 1. Why are the directions telling you to send to an indexer directly instead of a forwarder? 2. Why would you not have more metrics from windows, seems like an oversight on the part...
View Article