Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I use the collect command to write metrics data to a metrics index?

andrewtrobec
Motivator
‎09-30-2020 03:48 AM

Hello,

I am using Splunk Enterprise 7.3.2. and I have structured event data within an events index that I am trying to convert into metrics data so that I can store it in a metrics index.  I am basing my analysis on the following topic: Get metrics in from other sources.

I've managed to create a search that converts my event data into the format that is required by the metrics_csv sourcetype, after which I run the collect command to push the data:

| collect index="metrics_index" sourcetype="metrics_csv"

One thing to note is that when I rename my metric value field to _value, the field disappears from the statistics table.

Once the search has completed I am unable to access that data using mstats and mcatalog commands on the metrics index.

Is what I am trying to do possible?

To test whether the format was correct I exported the search results and indexed them by hand.  This worked.

Thank you and best regards,

Andrew

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ccl0utier
Splunk Employee
Splunk Employee
‎09-30-2020 05:43 AM

The collect command is used to send data to a summary index, not a metrics index.

Have a look at the mcollect and meventcollect commands.  They can be used to send event data to a metrics index.

View solution in original post

Reply
Solved! Jump to solution

andrewtrobec
Motivator
‎09-30-2020 06:05 AM

yeeeeeeeeeeeeeeeeeees!

0 Karma
Reply
Solved! Jump to solution
Solution

ccl0utier
Splunk Employee
Splunk Employee
‎09-30-2020 05:43 AM

The collect command is used to send data to a summary index, not a metrics index.

Have a look at the mcollect and meventcollect commands.  They can be used to send event data to a metrics index.

Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...
Top