Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

StatsD backend for Splunk

vistate
Explorer
‎10-23-2017 01:36 PM

With the release of Splunk 7 and Metrics being top priority - I am trying to configure StatsD to send UDP traffic to my Splunk indexer. However, I am unable to configure statsD properly.

Has anyone created a Splunk backend for StatsD? I cannot find any documentation on this yet and I can only find info on setting up graphite as a backend.

Please help.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mporath_splunk
Splunk Employee
Splunk Employee
‎10-30-2017 01:58 PM

Splunk acts as both server and backend in this instance. In 7.0, you would send metrics directly to Splunk, without summarizing with a statsd server first.

Alternatively, you can configure a custom sourcetype to parse the graphite plaintext protocol. This would allow you to use the same configuration having the statsd server send summarized metrics to Splunk. This is described in as an example for custom source types in http://docs.splunk.com/Documentation/Splunk/7.0.0/Metrics/GetMetricsInOther#Example_of_configuring_f...

View solution in original post

Reply
Solved! Jump to solution

rjudet
New Member
‎03-28-2020 08:44 PM

Since 2017, it looks there should be an easier solution:

https://docs.splunk.com/Documentation/Splunk/7.2.0/Metrics/GetMetricsInStatsd

However, this is from Splunk Enterprise documentation, so my question would be: is this also available in Splunk Cloud, or, rather, how would we do it in Splunk Cloud?

Thanks

0 Karma
Reply
Solved! Jump to solution
Solution

mporath_splunk
Splunk Employee
Splunk Employee
‎10-30-2017 01:58 PM

Splunk acts as both server and backend in this instance. In 7.0, you would send metrics directly to Splunk, without summarizing with a statsd server first.

Alternatively, you can configure a custom sourcetype to parse the graphite plaintext protocol. This would allow you to use the same configuration having the statsd server send summarized metrics to Splunk. This is described in as an example for custom source types in http://docs.splunk.com/Documentation/Splunk/7.0.0/Metrics/GetMetricsInOther#Example_of_configuring_f...

Reply
Solved! Jump to solution

vistate
Explorer
‎10-31-2017 12:34 PM

This is what is not described on the original page located here.

However,

It looks like my solution will be using both distributed Collectd+statsd Plugin as well as some direct ingestion.

Thank you very much for explaining.

0 Karma
Reply
Solved! Jump to solution

vistate
Explorer
‎10-24-2017 09:20 AM

I have managed to push to Splunk as a backend - however I am seeing this in the logs :

10-24-2017 12:17:01.099 -0400 ERROR MetricsProcessor - After splitting on delimiter (|), expected 2 tokens. Got 1 instead. Suppressing subsequent errors for source::tcp:8081, sourcetype::statsd, host::10.17.52.120 datastream...

0 Karma
Reply
Solved! Jump to solution

gjanders
SplunkTrust
SplunkTrust
‎10-23-2017 03:44 PM

There is documentation here for getting in metrics from statsd

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Solved! Jump to solution

rjudet
New Member
‎03-28-2020 08:46 PM

However, this is from Splunk Enterprise documentation, so my question would be: is this also available in Splunk Cloud, or, rather, how would we do it in Splunk Cloud?

Thanks

0 Karma
Reply
Solved! Jump to solution

vistate
Explorer
‎10-24-2017 06:49 AM

Hi @garethatiag - thank you - reviewed the document. But it does not answer my question 🙂

StatsD requires a backend configuration. And the backends available from statsD are Graphite,
console and some others(https://github.com/etsy/statsd/blob/master/docs/backend.md)

So what I'm looking for is a backend configuration for splunk.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...