Getting Data In

REST APIs for metric data/values

kalyan
New Member

I am trying to fetch metric values of the infra I am monitoring using REST APIs. So far, all the APIs I have tried only give metric metadata, not the actual values of the metrics.

Can someone help me with the values API?

0 Karma

LAME-Creations
Path Finder

Let me be completely transparent on this answer. I do not know anything about what I am about to respond. I put your question into Grok and am giving back what it says. So if it is way off, I apologize. It sounds like you are using Splunk Observability. If you are just trying to pull metrics logs of the OS of a system, this is much easier, and I would just use the Splunk Linux TA as a guide for the scripts to pull that off a Linux box and the Windows TA for Windows, but if my gut is right, that is not your problem and Splunk Observability Cloud is what you are actually looking at. So here is the cut and paste from Grok.


To fetch actual metric values (time-series data) in Splunk Observability Cloud using REST APIs, you can use the /v2/datapoint endpoint, which retrieves data points for specified metrics. Unlike the Metrics Catalog endpoints (e.g., /v2/metric), which return metadata like metric names and dimensions, the /v2/datapoint endpoint provides the numerical values for metrics over a specified time range.

Here’s how you can approach it:

  • Endpoint: Use GET /v2/datapoint or POST /v2/datapoint to query metric values. The POST method is useful for complex queries with multiple metrics or filters.
  • Authentication: Include an access token in the header (X-SF-TOKEN: <YOUR_ORG_TOKEN>). You can find your org token in the Splunk Observability Cloud UI under Settings > Access Tokens.
  • Query Parameters:
    • Specify the metric name(s) you want to query (e.g., cpu.utilization).
    • Use dimensions to filter the data (e.g., host:server1).
    • Define the time range with startTs and endTs (Unix timestamps in milliseconds) or a relative time range (e.g., -1h for the last hour).
    • Set the resolution (e.g., 10s for 10-second intervals).

Example Request (using curl):

```bash
curl --request POST \
  --header "Content-Type: application/json" \
  --header "X-SF-TOKEN: <YOUR_ORG_TOKEN>" \
  --data '{
    "metrics": [
      {
        "name": "cpu.utilization",
        "dimensions": {"host": "server1"}
      }
    ],
    "startTs": 1697059200000,
    "endTs": 1697062800000,
    "resolution": "10s"
  }' \
  https://api.<REALM>.signalfx.com/v2/datapoint
```

Replace <YOUR_ORG_TOKEN> with your access token and <REALM> with your Splunk Observability realm (e.g., us0, found in your profile).

Response: The API returns a JSON object with time-series data points, including timestamps and values for the specified metric(s). For example:

```json
{
  "cpu.utilization": [
    {"timestamp": 1697059200000, "value": 45.2, "dimensions": {"host": "server1"}},
    {"timestamp": 1697059210000, "value": 47.8, "dimensions": {"host": "server1"}}
  ]
}
```

Tips:

  • Use the Metric Finder in the Splunk Observability Cloud UI to confirm metric names and dimensions.
  • If you’re using OpenTelemetry, ensure your Collector is configured to send metrics to Splunk Observability Cloud.
  • For detailed documentation, check the Splunk Observability Cloud developer portal: https://dev.splunk.com/observability/docs/datapoint_endpoint/.
  • If you’re still getting metadata, verify you’re not using /v2/metric or /v2/metricstore/metrics endpoints, which are for metadata only.
0 Karma
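
Added example, not part of the answer above and not Splunk's code: a Python sketch that builds the same POST with the token read from an environment variable rather than typed into a curl command line, checks the realm before it goes into the hostname, and flattens the response. The endpoint path, body fields and response shape are taken as given in the answer and are not verified here; the realm pattern and the `SFX_TOKEN` variable name are assumptions.

```python
import json
import os
import re
import time
import urllib.request

REALM_RE = re.compile(r"[a-z]{2}[0-9]+")  # assumed realm shape, e.g. "us0"

def build_request(realm, token, metric, dimensions, window_s,
                  resolution="10s", now_ms=None):
    """Build, without sending, the POST described in the answer."""
    # The realm becomes part of the hostname, so reject unexpected values.
    if not REALM_RE.fullmatch(realm):
        raise ValueError(f"unexpected realm: {realm!r}")
    if not token:
        raise ValueError("access token is empty")
    end_ms = int(time.time() * 1000) if now_ms is None else now_ms
    body = {"metrics": [{"name": metric, "dimensions": dimensions}],
            "startTs": end_ms - window_s * 1000,  # Unix milliseconds
            "endTs": end_ms, "resolution": resolution}
    return urllib.request.Request(
        f"https://api.{realm}.signalfx.com/v2/datapoint",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "X-SF-TOKEN": token},
        method="POST",
    )

def flatten(response, start_ms, end_ms):
    """Rows (metric, timestamp_ms, value) from the answer's response shape."""
    rows = []
    for metric, points in response.items():
        for point in points:
            ts = int(point["timestamp"])
            if not start_ms <= ts <= end_ms:  # point outside requested window
                raise ValueError(f"{metric}: timestamp {ts} outside window")
            rows.append((metric, ts, float(point["value"])))
    return sorted(rows)

# Constructed sample in the response shape shown in the answer.
SAMPLE = {"cpu.utilization": [
    {"timestamp": 1697059210000, "value": 47.8, "dimensions": {"host": "server1"}},
    {"timestamp": 1697059200000, "value": 45.2, "dimensions": {"host": "server1"}},
]}

if __name__ == "__main__":
    # SFX_TOKEN is a hypothetical name; the environment keeps it out of argv.
    req = build_request("us0", os.environ.get("SFX_TOKEN", "<YOUR_ORG_TOKEN>"),
                        "cpu.utilization", {"host": "server1"}, 3600)
    print(req.get_method(), req.full_url, req.data.decode())
```

The returned object can be passed to `urllib.request.urlopen` once the endpoint has been confirmed for your organization.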