Splunk ITSI
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Several Metrics value errors

seanjconnell
Explorer
‎12-11-2019 05:35 AM

We recently implemented Metrics indices to support ITSI in our environment. I am receiving multiple messages that I am not getting a clear understanding on Splunk Answers.

Here are a Few of the messages I am receiving, I hope most are related.

*Search peer Indexer1 has the following message: The metric value 1234.56789 provided for source=5555 (udp port for collectd), sourcetype=em_metrics_udp, host=client2 index=linuxmetrics is not a floating point value. Using a "numberic" type rather than a "string" type is recommended to avoid indexing inefficiencies. Ensure the metric value is provided as a floating point number as not as a string. For instance, provid 123.001 rather than "123.001". *

Search peer Indexer1 has the following message: Metric value= is not valid for source=DNS, sourcetype=DNS, host=Client1 index=winmetrics. Metric event data with an invalid metric value would not be indexed. Ensure the input metric data is not malformed.

*Search peer Indexer1 has the following message: Metric name is missing for source=Replicated_Folders sourcetype=Replicated_folders, host=client3, index=winmetrics. Metric event data without a metric name is invalid and would not be indexed. Ensure the input metric data is not malformed. *

Reply

bbenjamin_splun
Splunk Employee
Splunk Employee
‎12-12-2019 11:24 AM

@seanjconnell is this question in regards to Splunk App for Infrastructure? are these error messages caused by metrics collected by collectd?

Reply

seanjconnell
Explorer
‎12-13-2019 04:23 AM

@bbenjamin, The linux error is definetly being caused by collectd, but the other two seem to be errors caused by SAI implementation done by Professional services and or metrics indexes

0 Karma
Reply

bbenjamin_splun
Splunk Employee
Splunk Employee
‎12-13-2019 12:50 PM

@seanjconnell Although I saw the same linux error in my local testing, I have not been able to replicate the issue consistently - it occurred just couple times in several hours. I'm guessing those UDP messages got corrupted somehow. I'm however able to see the dashboards for the said metric in SAI (in the case of linux, these are just warning messages and shouldn't really cause data loss). If these messages are popping up in large numbers, I'd reach out to whoever set this up for you to check all the configurations.

0 Karma
Reply
Get Updates on the Splunk Community!

Buttercup Games: Further Dashboarding Techniques (Part 6)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...