Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Log to Metrics - No data preview displayed when Metric Measures names are present

ashmaind
Explorer
‎01-15-2019 09:02 PM

I am trying Log to metric conversion feature. I tried getting data in using Add Data feature. But no data preview gets displayed when the sourcetype is selected for log to metric conversion. While playing around I observed that data preview is getting displayed when METRIC-SCHEMA-TRANSFORMS Advanced setting is removed.
Here is my stanza for the sourcetype I created

[log_to_met]
DATETIME_CONFIG =
INDEXED_EXTRACTIONS = csv
LINE_BREAKER = ([\r\n]+)
METRIC-SCHEMA-TRANSFORMS = metric-schema:log_to_met_1546498662303
NO_BINARY_CHECK = true
category = Log to Metrics
pulldown_type = 1
disabled = false

transforms.conf stanza
[metric-schema:log_to_met_1546498662303]
METRIC-SCHEMA-MEASURES = _value

So, what are these Metric Measures and how to get data in with these measures. Also what is the importance of log to metric conversion.

0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...