Getting Data In

Capturing Metrics over TCP using JSON

dewitp
New Member

Hi,

 

We are trying to get metrics into Splunk using TCP, so far we have tried the following:

 

inputs.conf

[tcp://44444]
connection_host = ip
index = metrics_idx
sourcetype = "json_no_timestamp" or "_json" or "metrics_csv"

 

We can get this to work if we change sourcetype to statd and emulate the statd protocol, but we found this to be very limited.

 

We have 30 odd machines collecting "1000s" of data endpoints (mainly counters - was 5 things, now 12) - what would be the best way to get this into Splunk, without using JSON/CSV files...

 

Thanks !

Labels (1)
Tags (2)
0 Karma

dewitp
New Member

Here is a sample of the data posted to the TCP connection:

{
"time": 1728428019, "host": "x.x.x.x", "fields":
{
"metric_name:x.x.x.x.ds.bIn": 1111,
"metric_name:x.x.x.x.ds.bOut": 2222
}
}

 

0 Karma
Get Updates on the Splunk Community!

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

Sooooooooooo, guess what. .conf25 is almost here, and if you're on the Security Learning Path, this is your ...

First Steps with Splunk SOAR

Our first step was to gather a list of the playbooks we wanted and to sort them by priority.  Once this list ...

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

If you’ve read our previous post on self-service observability, you already know what it is and why it ...