Hi,
We are trying to get metrics into Splunk using TCP, so far we have tried the following:
inputs.conf
[tcp://44444]
connection_host = ip
index = metrics_idx
sourcetype = "json_no_timestamp" or "_json" or "metrics_csv"
We can get this to work if we change sourcetype to statd and emulate the statd protocol, but we found this to be very limited.
We have 30 odd machines collecting "1000s" of data endpoints (mainly counters - was 5 things, now 12) - what would be the best way to get this into Splunk, without using JSON/CSV files...
Thanks !
Here is a sample of the data posted to the TCP connection:
{
"time": 1728428019, "host": "x.x.x.x", "fields":
{
"metric_name:x.x.x.x.ds.bIn": 1111,
"metric_name:x.x.x.x.ds.bOut": 2222
}
}