metric roll up naming convention

All Apps and Add-ons

Hello,

I'm trying to roll up a metric index named <name>.
So I added a new index named <name>-rollup and I configured a metric-rollup.conf:

[index:<name>]
defaultAggregation = avg
dimensionList = cluster
dimensionListType = excluded
rollup.0.rollupIndex = <name>_rollup
rollup.0.span = 1d

Ok, it works, but quite useless for me. If I have an app which makes query like

| mstats avg(_value) as value where index= metric_name=system.load1 groupby metric_name, host span=1d | eval {metric_name}=value

then I have to modify the query as
| mstats avg(_value) as value where index=_rollup metric_name=system.load1_mrollup_avg_86400s groupby metric_name, host span=1d | eval {metric_name}=value

to work with summarized datas. This is a mess.
Is there a way to at least configure the naming convention of the new metric names?

Because if I can maintain the same metric name in the new index <name>_rollup I still can easily modify all the queries. Otherwise, I have to change all metric names and not only the index name!

Thank you very much
Kind Regards
Marco

Get Updates on the Splunk Community!

metric roll up naming convention

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

metric roll up naming convention

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!