Getting Data In

Log to Metrics - No data preview displayed when Metric Measures names are present

ashmaind
Explorer

I am trying Log to metric conversion feature. I tried getting data in using Add Data feature. But no data preview gets displayed when the sourcetype is selected for log to metric conversion. While playing around I observed that data preview is getting displayed when METRIC-SCHEMA-TRANSFORMS Advanced setting is removed.
Here is my stanza for the sourcetype I created

[log_to_met]
DATETIME_CONFIG =
INDEXED_EXTRACTIONS = csv
LINE_BREAKER = ([\r\n]+)
METRIC-SCHEMA-TRANSFORMS = metric-schema:log_to_met_1546498662303
NO_BINARY_CHECK = true
category = Log to Metrics
pulldown_type = 1
disabled = false

transforms.conf stanza
[metric-schema:log_to_met_1546498662303]
METRIC-SCHEMA-MEASURES = _value

So, what are these Metric Measures and how to get data in with these measures. Also what is the importance of log to metric conversion.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...