- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
All,
I see a few examples on convert an event received into a metric. Is there a way to say keep an apache log and create a metric of the stratus?
thanks
-Daniel
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
You can convert existing event data into metric using mcollect command so in your case you need to schedule search which will run at regular interval and index data into metric index. Please refer documentation on https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Mcollect
Using this approach it will keep your apache logs in event index and it will ingest metric data in metric index, only drawback is you'll not able to see real-time data in metric event because it is purely depend on schedule search frequency.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
You can convert existing event data into metric using mcollect command so in your case you need to schedule search which will run at regular interval and index data into metric index. Please refer documentation on https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Mcollect
Using this approach it will keep your apache logs in event index and it will ingest metric data in metric index, only drawback is you'll not able to see real-time data in metric event because it is purely depend on schedule search frequency.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yeah, that might work. I'll talk to the customer to see if a 15 min backfill/delay is acceptable. Thanks for the reply!
