Hi @psla ,

I’m a Community Moderator in the Splunk Community.

This question was posted 2 years ago, so it might not get the attention you need for your question to be answered. We recommend that you post a new question so that your issue can get the  visibility it deserves. To increase your chances of getting help from the community, follow these guidelines in the Splunk Answers User Manual when creating your post.

Thank you! 

I think I got the attention, because it's on the top on the list.

But why should I create another duplicate question? This one describes exactly what I need, and it's still not resolved. Also, guidelines say: "If no one else has asked your question, navigate to https://community.splunk.com  and click Ask a Question, next to the search bar."

Maybe so that you can show _your_ config, _your_ data and say what exactly does or doesn't work in your case. 😉

I'm referring to the original post.  @markhvesta said that his transforms are not working for metrics data. I have the same issue (metric names are of course different).  So, configuration is already here, I don't have to paste my configuration. Regex is working (tested on regex101).

And the main question in this post is "Any ideas if there is a special way to do this [for metrics data]?"

So everything is the same except the metrics are different, the data is different and generally we don't know what and why "doesn't work", right?

But seriously. The data is important here as well as what your transform looks like.

Look at the Masa diagrams https://community.splunk.com/t5/Getting-Data-In/Diagrams-of-how-indexing-works-in-the-Splunk-platfor...

I haven't worked with metrics much but I'd say metric schema is invoked after transforms so you need to filter your data by raw event contents.