Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk 7.0.0: How to get metrics in from collectd

sureshr7
Explorer
‎11-08-2017 04:09 PM

Hi,

How to add a tag(region) to a collectd based metric from a host? For example if we have 2 regions (us-east,us-west), how to add this data from collectd to the Splunk metrics index?

Thanks
Suresh

Reply

sureshr7
Explorer
‎11-30-2017 10:09 PM

Using the below code, write_http will add custom tag "meta":{"foo":"bar"}" to all json data. Now the challenge is recognizing this as dimension in splunk.



PostCacheChain "PostCache"

<Target "set">
  MetaData "foo" "bar"
</Target>

Target "write"

0 Karma
Reply

lukeh
Contributor
‎11-30-2017 10:15 PM

Thanks, I'll have a crack and get back to you.

0 Karma
Reply

theouhuios
Motivator
‎10-22-2018 06:42 AM

Any luck with this? Is there a way to add Tags via collectd and get splunk to understand them as dimensions?

0 Karma
Reply

sureshr7
Explorer
‎11-30-2017 09:26 PM

I was able to add a custom meta tag using PostCacheChain from collectd. But still not able to read it via splunk.

0 Karma
Reply

lukeh
Contributor
‎11-30-2017 09:35 PM

I would be happy to test this for you, could you please provide an example from collectd.conf ?
FYI: I am the author of Analytics for Linux which uses metrics from collectd:
https://splunkbase.splunk.com/app/3777/

0 Karma
Reply

thaggie_splunk
Splunk Employee
Splunk Employee
‎11-30-2017 10:33 AM

You should be able to add a region field as you push the measurements to splunk.
From: http://docs.splunk.com/Documentation/Splunk/7.0.0/Metrics/GetMetricsInCollectd

curl -k https://localhost:8088/services/collector/raw?sourcetype=collectd_http   \
-H "Authorization: Splunk <HEC_token>"                                      \
-d '[{"values":[164.9196798931339196],"dstypes":["derive"],"dsnames":["value"],"time":1505356687.894,"interval":10.000,"host":"collectd","plugin":"protocols","plugin_instance":"IpExt","type":"protocol_counter","type_instance":"InOctets"}]'

So each message is like:

{
  "values": [164.9196798931339196],
  "dstypes": ["derive"],
  "dsnames": ["value"],
  "time": 1505356687.894,
  "interval": 10.000,
  "host": "collectd",
  "plugin": "protocols",
  "plugin_instance": "IpExt",
  "type": "protocol_counter",
  "type_instance": "InOctets"
}

You should be able to add:

"region": "us-east"
Reply

lukeh
Contributor
‎11-30-2017 09:08 PM

that will work for custom metrics, but not for native collectd metrics as the Collectd API does not have a concept of tags. It looks like the Collectd community is working towards a solution – but it still looks like a bandaid attempting to work around the fact that Collectd’s core has no concept of tags:
https://github.com/collectd/collectd/pull/1655

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...