Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I use the collect command to write metrics data to a metrics index?

andrewtrobec
Motivator
‎09-30-2020 03:48 AM

Hello,

I am using Splunk Enterprise 7.3.2. and I have structured event data within an events index that I am trying to convert into metrics data so that I can store it in a metrics index.  I am basing my analysis on the following topic: Get metrics in from other sources.

I've managed to create a search that converts my event data into the format that is required by the metrics_csv sourcetype, after which I run the collect command to push the data:

| collect index="metrics_index" sourcetype="metrics_csv"

One thing to note is that when I rename my metric value field to _value, the field disappears from the statistics table.

Once the search has completed I am unable to access that data using mstats and mcatalog commands on the metrics index.

Is what I am trying to do possible?

To test whether the format was correct I exported the search results and indexed them by hand.  This worked.

Thank you and best regards,

Andrew

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ccl0utier
Splunk Employee
Splunk Employee
‎09-30-2020 05:43 AM

The collect command is used to send data to a summary index, not a metrics index.

Have a look at the mcollect and meventcollect commands.  They can be used to send event data to a metrics index.

View solution in original post

Reply
Solved! Jump to solution

andrewtrobec
Motivator
‎09-30-2020 06:05 AM

yeeeeeeeeeeeeeeeeeees!

0 Karma
Reply
Solved! Jump to solution
Solution

ccl0utier
Splunk Employee
Splunk Employee
‎09-30-2020 05:43 AM

The collect command is used to send data to a summary index, not a metrics index.

Have a look at the mcollect and meventcollect commands.  They can be used to send event data to a metrics index.

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...