Eventgen generating metric data- how to resolve er...

robertlynch2020 · ‎03-27-2023

Hi

I am using Eventgen to create metric data. I have it working for events.

I want to get up a very basic example timestamp and metric with the basic value, below, but I am getting an error message.

The metric event is not properly structured, source=bcgames, sourcetype=addons, host=buttercup, index=bcg_eventgen_metrics. Metric event data without a metric name and properly formated numerical values are invalid and cannot be indexed. Ensure the input metric data is not malformed, have one or more keys of the form "metric_name:<metric>" (e.g..."metric_name:cpu.idle") with corresponding floating point values.

[sample.lab2data]
interval = 2m
earliest = -2m
latest = now
backfill = -1d

outputMode = metric_httpevent

index = bcg_eventgen_metrics
host = buttercup
source = bcgames
sourcetype = sales:addons

token.0.token = !timestamp!
token.0.replacementType = timestamp
token.0.replacement = %H:%M:%S %b-%d-%Y

token.1.token = !1!
token.1.replacementType = random
token.1.replacement = integer[1:3]

sample.lab2.data

timestamp=!timestamp! metric_name:cpu.idle=!1!

Eventgen generating metric data- how to resolve error?

configuration

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All