All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Add-on Builder and Metric Indexes- Why aren't events showing up?

davidoff96
Path Finder
‎10-05-2022 01:17 PM

Hello,

I have to manipulate some data from an api, and send those events to splunk. One set of the api has to go to a normal index, but a subset of the data has to go to a metrics index, which is defined as an input in the add-on configuration.

 

However, when I try to send events to the metrics, I don't get anything showing up there. I have tried the following:

  • Prepending "metric_name:" to the field name for the metric
  • Making a new add-on to only send data to metrics (very simple create an event and send it)
  • In that same add-on, create the event, and send it to the index defined in the config, and defined my metrics index in that config

None of these worked. Is there a special way to send these to metrics indexes?

Labels (1)
Labels
Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

davidoff96
Path Finder
‎10-06-2022 02:35 PM

Alright - the issue was that the sourcetype for the metrics events had to have "INDEXED_EXTRACTIONS=json" in the props.conf. Once I had changed that, I was able to see those values in the metrics index.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

davidoff96
Path Finder
‎10-06-2022 02:35 PM

Alright - the issue was that the sourcetype for the metrics events had to have "INDEXED_EXTRACTIONS=json" in the props.conf. Once I had changed that, I was able to see those values in the metrics index.

0 Karma
Reply
Solved! Jump to solution

johnhuang
Motivator
‎10-05-2022 06:42 PM

How are you ingesting the metrics? If you're using HEC, make sure you format it correctly and send it to the correct rest api endpoint url.

https://docs.splunk.com/Documentation/SplunkCloud/9.0.2208/Metrics/GetMetricsInOther 

0 Karma
Reply
Solved! Jump to solution

davidoff96
Path Finder
‎10-06-2022 07:21 AM

This is through the add-on builder.  When I send the metric through to a normal index, it looks like this:

davidoff96_0-1665066001007.png

And my code for generating it looks like this:

data = {
'metric_name:tests_performed:testing': 4
}

event = helper.new_event(source=helper.get_input_type(), index='test-metrics', sourcetype=helper.get_sourcetype(), data=json.dumps(data))
ew.write_event(event)

 

Where index test-metrics is an index I have set up with the metrics type

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...