Solved: StatsD backend for Splunk

vistate · ‎10-23-2017

With the release of Splunk 7 and Metrics being top priority - I am trying to configure StatsD to send UDP traffic to my Splunk indexer. However, I am unable to configure statsD properly.

Has anyone created a Splunk backend for StatsD? I cannot find any documentation on this yet and I can only find info on setting up graphite as a backend.

Please help.

mporath_splunk · ‎10-30-2017

Splunk acts as both server and backend in this instance. In 7.0, you would send metrics directly to Splunk, without summarizing with a statsd server first.

Alternatively, you can configure a custom sourcetype to parse the graphite plaintext protocol. This would allow you to use the same configuration having the statsd server send summarized metrics to Splunk. This is described in as an example for custom source types in http://docs.splunk.com/Documentation/Splunk/7.0.0/Metrics/GetMetricsInOther#Example_of_configuring_f...

View solution in original post

rjudet · ‎03-28-2020

Since 2017, it looks there should be an easier solution:

https://docs.splunk.com/Documentation/Splunk/7.2.0/Metrics/GetMetricsInStatsd

However, this is from Splunk Enterprise documentation, so my question would be: is this also available in Splunk Cloud, or, rather, how would we do it in Splunk Cloud?

Thanks

mporath_splunk · ‎10-30-2017

Splunk acts as both server and backend in this instance. In 7.0, you would send metrics directly to Splunk, without summarizing with a statsd server first.

Alternatively, you can configure a custom sourcetype to parse the graphite plaintext protocol. This would allow you to use the same configuration having the statsd server send summarized metrics to Splunk. This is described in as an example for custom source types in http://docs.splunk.com/Documentation/Splunk/7.0.0/Metrics/GetMetricsInOther#Example_of_configuring_f...

vistate · ‎10-31-2017

This is what is not described on the original page located here.

However,

It looks like my solution will be using both distributed Collectd+statsd Plugin as well as some direct ingestion.

Thank you very much for explaining.

vistate · ‎10-24-2017

I have managed to push to Splunk as a backend - however I am seeing this in the logs :

10-24-2017 12:17:01.099 -0400 ERROR MetricsProcessor - After splitting on delimiter (|), expected 2 tokens. Got 1 instead. Suppressing subsequent errors for source::tcp:8081, sourcetype::statsd, host::10.17.52.120 datastream...

gjanders · ‎10-23-2017

There is documentation here for getting in metrics from statsd

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

rjudet · ‎03-28-2020

However, this is from Splunk Enterprise documentation, so my question would be: is this also available in Splunk Cloud, or, rather, how would we do it in Splunk Cloud?

Thanks

vistate · ‎10-24-2017

Hi @garethatiag - thank you - reviewed the document. But it does not answer my question 🙂

StatsD requires a backend configuration. And the backends available from statsD are Graphite,
console and some others(https://github.com/etsy/statsd/blob/master/docs/backend.md)

So what I'm looking for is a backend configuration for splunk.

StatsD backend for Splunk

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation