Getting Data In

Splunk 7x Metrics - use cases and success stories

inventsekar
SplunkTrust
SplunkTrust

Hi All, May we know, how you guys are using the 7x feature metrics, some of your use cases, success stories please, how good this one is when compared to summary index / tstats, etc.. (didnt see many posts on this topic, thus creating one, for our learning and happy splunking )

Overview of metrics
Metrics is a feature for system administrators and IT tools engineers that focuses on collecting, investigating, monitoring, and sharing metrics from your technology infrastructure, security systems, and business applications in real time.

Metrics in the Splunk platform uses a custom index type that is optimized for metric storage and retrieval. To work with metrics, the mstats command is included for you to apply numeric aggregations (such as average, sum, percentile, and so forth) to isolate and correlate problems from different data sources.

You also see that you have to use a different set of commands to work with Metrics ( mstats and mcatalog) See here : https://docs.splunk.com/Documentation/Splunk/7.0.0/Metrics/Search

https://docs.splunk.com/Documentation/Splunk/7.0.0/Metrics/Overview

Old post for ref: https://answers.splunk.com/answers/588891/summary-indexes-metrics-in-splunk-700.html

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma

inventsekar
SplunkTrust
SplunkTrust

any views, suggestions pls

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma

gjanders
SplunkTrust
SplunkTrust

While it's not my app, I've used the Metricator application (nmon) for Splunk, I found the license usage to be slightly higher, the disk usage is slightly better than the previous data model acceleration attempt in 7.0.x

However from what I've read I should see further improvements in 7.1.x and 7.2.x in terms of the metric index size and speed.

In terms of advantages, there is no / minimal data model acceleration requirements, searches are faster and I can now look over a lot more data very quickly!
I previously used the Nmon application (log-based)

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...