Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Scripting in metrics with Splunk?

daniel333
Builder
‎10-18-2017 04:05 PM

All,

Still getting my head around metrics. I shameless stole this line of bash and setup metrics and it's working . UI was cool. 

echo "mydesktop.cpu.util:$intCount|c" | nc -w 1 -u myheavyforwarders.domain.com 8125

With this in mind how would I send more than one metric? Say I wanted all the output of TOP? Can you send more than one metric at a time? I understand these metric can have dimension, is that basically an array of values?

0 Karma
Reply

rjthibod
Champion
‎10-19-2017 07:07 AM

As @richgalloway said in hist comment, in 7.0.0, you can only send one _value and one measurement in each metric event, but theoretically you can have as many dimensions (columns/tags/fields) as you want.

You could parse top output and send each row separately with the same timestamp. Each column would be a dimension but you would need to determine what you are sending as the _value field in this case. Not really sure what the point of this would be, but it is doable.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-19-2017 07:01 AM

As I understand metrics, each "event" is a single value. Dimensions describe the value - process ID, user running the process, etc.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...