Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is there a best practice for using a time dimension with _metrics Data?

jordanking1992
Path Finder
‎03-22-2022 01:23 PM

Hello,

Working with a team that is sending some custom paramters via metrics data. They are trying to include a dimension that contains a data, but Splunk is not accepting of the date.

release:1,component:test,team:TestTeam,repo_branch:master,version:3,eventTimestamp:2022-03-22T14:46:41.048881800

My guess is that Splunk doesn't like the colon's in the timestamp but a bit unsure. The team wants to be able to send time within the metrics for later analysis using eval commands after indexing.

Is there a best practice for including a time dimension/value within metrics data? (i.e epoch/UNIX time)

Labels (2)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-22-2022 11:43 PM

You should be able to configure the timestamp recognition for your sourcetype to match the format used in your messages

https://docs.splunk.com/Documentation/Splunk/8.2.5/Data/Configuretimestamprecognition 

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...