All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

AWS CLI Ouput formats to SPLUNK

tb5821
Communicator
‎04-15-2020 01:43 PM

0

I'm using the AWS CLI to get some Kinesis metrics - part of that I'm able to specify the output format as one of the below: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html#cli-quick-configuration-for...

I've tried TEXT as that seems the most reasonable for splunk but I think the line separated data is messing up splunks ingest:

METRICDATARESULTS   iteratorAgeMilliseconds itagemillis PartialData
METRICDATARESULTS   readProvisionedThroughputExceeded   itagemillis PartialData
TIMESTAMPS  2020-04-15T20:21:00+00:00
TIMESTAMPS  2020-04-15T20:20:00+00:00
TIMESTAMPS  2020-04-15T20:19:00+00:00
TIMESTAMPS  2020-04-15T20:18:00+00:00
TIMESTAMPS  2020-04-15T20:17:00+00:00
TIMESTAMPS  2020-04-15T20:16:00+00:00
VALUES  0.0
VALUES  0.0
VALUES  0.0
VALUES  0.0
VALUES  0.0
VALUES  0.0
METRICDATARESULTS   writeProvisionedThroughputExceeded  itagemillis PartialData
TIMESTAMPS  2020-04-15T19:36:00+00:00
TIMESTAMPS  2020-04-15T19:35:00+00:00
TIMESTAMPS  2020-04-15T19:34:00+00:00
TIMESTAMPS  2020-04-15T19:33:00+00:00
VALUES  0.0
VALUES  0.0
VALUES  0.0
VALUES  0.0
VALUES  0.0
VALUES  0.0

Any thoughts on either the AWS or splunk side on how best to handle ingesting this data ?

Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...