- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I am using Splunk Enterprise 7.3.2. and I have structured event data within an events index that I am trying to convert into metrics data so that I can store it in a metrics index. I am basing my analysis on the following topic: Get metrics in from other sources.
I've managed to create a search that converts my event data into the format that is required by the metrics_csv sourcetype, after which I run the collect command to push the data:
| collect index="metrics_index" sourcetype="metrics_csv"
One thing to note is that when I rename my metric value field to _value, the field disappears from the statistics table.
Once the search has completed I am unable to access that data using mstats and mcatalog commands on the metrics index.
Is what I am trying to do possible?
To test whether the format was correct I exported the search results and indexed them by hand. This worked.
Thank you and best regards,
Andrew
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
data:image/s3,"s3://crabby-images/1f594/1f594b1b4c0941863df1722dd52dd06a5b9a2e11" alt="Splunk Employee Splunk Employee"
The collect command is used to send data to a summary index, not a metrics index.
Have a look at the mcollect and meventcollect commands. They can be used to send event data to a metrics index.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yeeeeeeeeeeeeeeeeeees!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
data:image/s3,"s3://crabby-images/1f594/1f594b1b4c0941863df1722dd52dd06a5b9a2e11" alt="Splunk Employee Splunk Employee"
The collect command is used to send data to a summary index, not a metrics index.
Have a look at the mcollect and meventcollect commands. They can be used to send event data to a metrics index.
data:image/s3,"s3://crabby-images/5d9f8/5d9f80c54160124d38856b77a799077db7d57026" alt=""