Getting Data In

Capturing Metrics over TCP using JSON

dewitp
New Member

Hi,

 

We are trying to get metrics into Splunk using TCP, so far we have tried the following:

 

inputs.conf

[tcp://44444]
connection_host = ip
index = metrics_idx
sourcetype = "json_no_timestamp" or "_json" or "metrics_csv"

 

We can get this to work if we change sourcetype to statd and emulate the statd protocol, but we found this to be very limited.

 

We have 30 odd machines collecting "1000s" of data endpoints (mainly counters - was 5 things, now 12) - what would be the best way to get this into Splunk, without using JSON/CSV files...

 

Thanks !

Labels (1)
Tags (2)
0 Karma

dewitp
New Member

Here is a sample of the data posted to the TCP connection:

{
"time": 1728428019, "host": "x.x.x.x", "fields":
{
"metric_name:x.x.x.x.ds.bIn": 1111,
"metric_name:x.x.x.x.ds.bOut": 2222
}
}

 

0 Karma
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.

Can’t make it to .conf25? Join us online!

Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...