Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I use the collect command to write metrics data to a metrics index?

andrewtrobec
Motivator
‎09-30-2020 03:48 AM

Hello,

I am using Splunk Enterprise 7.3.2. and I have structured event data within an events index that I am trying to convert into metrics data so that I can store it in a metrics index.  I am basing my analysis on the following topic: Get metrics in from other sources.

I've managed to create a search that converts my event data into the format that is required by the metrics_csv sourcetype, after which I run the collect command to push the data:

| collect index="metrics_index" sourcetype="metrics_csv"

One thing to note is that when I rename my metric value field to _value, the field disappears from the statistics table.

Once the search has completed I am unable to access that data using mstats and mcatalog commands on the metrics index.

Is what I am trying to do possible?

To test whether the format was correct I exported the search results and indexed them by hand.  This worked.

Thank you and best regards,

Andrew

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ccl0utier
Splunk Employee
Splunk Employee
‎09-30-2020 05:43 AM

The collect command is used to send data to a summary index, not a metrics index.

Have a look at the mcollect and meventcollect commands.  They can be used to send event data to a metrics index.

View solution in original post

Reply
Solved! Jump to solution

andrewtrobec
Motivator
‎09-30-2020 06:05 AM

yeeeeeeeeeeeeeeeeeees!

0 Karma
Reply
Solved! Jump to solution
Solution

ccl0utier
Splunk Employee
Splunk Employee
‎09-30-2020 05:43 AM

The collect command is used to send data to a summary index, not a metrics index.

Have a look at the mcollect and meventcollect commands.  They can be used to send event data to a metrics index.

Reply
Get Updates on the Splunk Community!

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...

4 Ways the Splunk Community Helps You Prepare for .conf25

.conf25 is right around the corner, and whether you’re a first-time attendee or a seasoned Splunker, the ...

Enhance Your Splunk App Development: New Tools & Support

UCC FrameworkAdd-on Builder has been around for quite some time. It helps build Splunk apps faster, but it ...
Top