Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Eventgen generating metric data- how to resolve error?

robertlynch2020
Influencer
‎03-27-2023 09:16 AM

Hi

I am using Eventgen to create metric data. I have it working for events.

I want to get up a very basic example timestamp and metric with the basic value, below, but I am getting an error message.

 

 

 

The metric event is not properly structured, source=bcgames, sourcetype=addons, host=buttercup, index=bcg_eventgen_metrics. Metric event data without a metric name and properly formated numerical values are invalid and cannot be indexed. Ensure the input metric data is not malformed, have one or more keys of the form "metric_name:<metric>" (e.g..."metric_name:cpu.idle") with corresponding floating point values.

 

 

 

 

 

 

 

[sample.lab2data]
interval = 2m
earliest = -2m
latest = now
backfill = -1d

outputMode = metric_httpevent

index = bcg_eventgen_metrics
host = buttercup
source = bcgames
sourcetype = sales:addons

token.0.token = !timestamp!
token.0.replacementType = timestamp
token.0.replacement = %H:%M:%S %b-%d-%Y

token.1.token = !1!
token.1.replacementType = random
token.1.replacement = integer[1:3]

 

 

 

sample.lab2.data

 

 

 

timestamp=!timestamp! metric_name:cpu.idle=!1!

 

 

 

 

Labels (1)
Labels
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...