Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Log to Metrics - No data preview displayed when Metric Measures names are present

ashmaind
Explorer
‎01-15-2019 09:02 PM

I am trying Log to metric conversion feature. I tried getting data in using Add Data feature. But no data preview gets displayed when the sourcetype is selected for log to metric conversion. While playing around I observed that data preview is getting displayed when METRIC-SCHEMA-TRANSFORMS Advanced setting is removed.
Here is my stanza for the sourcetype I created

[log_to_met]
DATETIME_CONFIG =
INDEXED_EXTRACTIONS = csv
LINE_BREAKER = ([\r\n]+)
METRIC-SCHEMA-TRANSFORMS = metric-schema:log_to_met_1546498662303
NO_BINARY_CHECK = true
category = Log to Metrics
pulldown_type = 1
disabled = false

transforms.conf stanza
[metric-schema:log_to_met_1546498662303]
METRIC-SCHEMA-MEASURES = _value

So, what are these Metric Measures and how to get data in with these measures. Also what is the importance of log to metric conversion.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...