Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is there a best practice for using a time dimension with _metrics Data?

jordanking1992
Path Finder
‎03-22-2022 01:23 PM

Hello,

Working with a team that is sending some custom paramters via metrics data. They are trying to include a dimension that contains a data, but Splunk is not accepting of the date.

release:1,component:test,team:TestTeam,repo_branch:master,version:3,eventTimestamp:2022-03-22T14:46:41.048881800

My guess is that Splunk doesn't like the colon's in the timestamp but a bit unsure. The team wants to be able to send time within the metrics for later analysis using eval commands after indexing.

Is there a best practice for including a time dimension/value within metrics data? (i.e epoch/UNIX time)

Labels (2)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-22-2022 11:43 PM

You should be able to configure the timestamp recognition for your sourcetype to match the format used in your messages

https://docs.splunk.com/Documentation/Splunk/8.2.5/Data/Configuretimestamprecognition 

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...