Archive

log to metrics sourcetype creation

Communicator

Hi, i was trying to create a sourcetype for log to metrics data type but not getting what to put in measures section in metrics tab. My raw data contains _time, IP, Staus, Time, URL ? Can anyone tell me what fields need to be put as measures in this section?

Tags (1)

Communicator

I think you shouldn't convert this type of events to metrics. Metrics should have some numeric fields to be useful.

0 Karma

Communicator

Okay, i got it the fields should be numeric, but in metrics tab while creating sourcetype i need to put all the field names. Am i getting it right?

0 Karma

Communicator

You could blacklist them.

0 Karma