Splunk ITSI
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Several Metrics value errors

seanjconnell
Explorer
‎12-11-2019 05:35 AM

We recently implemented Metrics indices to support ITSI in our environment. I am receiving multiple messages that I am not getting a clear understanding on Splunk Answers.

Here are a Few of the messages I am receiving, I hope most are related.

*Search peer Indexer1 has the following message: The metric value 1234.56789 provided for source=5555 (udp port for collectd), sourcetype=em_metrics_udp, host=client2 index=linuxmetrics is not a floating point value. Using a "numberic" type rather than a "string" type is recommended to avoid indexing inefficiencies. Ensure the metric value is provided as a floating point number as not as a string. For instance, provid 123.001 rather than "123.001". *

Search peer Indexer1 has the following message: Metric value= is not valid for source=DNS, sourcetype=DNS, host=Client1 index=winmetrics. Metric event data with an invalid metric value would not be indexed. Ensure the input metric data is not malformed.

*Search peer Indexer1 has the following message: Metric name is missing for source=Replicated_Folders sourcetype=Replicated_folders, host=client3, index=winmetrics. Metric event data without a metric name is invalid and would not be indexed. Ensure the input metric data is not malformed. *

Reply

bbenjamin_splun
Splunk Employee
Splunk Employee
‎12-12-2019 11:24 AM

@seanjconnell is this question in regards to Splunk App for Infrastructure? are these error messages caused by metrics collected by collectd?

Reply

seanjconnell
Explorer
‎12-13-2019 04:23 AM

@bbenjamin, The linux error is definetly being caused by collectd, but the other two seem to be errors caused by SAI implementation done by Professional services and or metrics indexes

0 Karma
Reply

bbenjamin_splun
Splunk Employee
Splunk Employee
‎12-13-2019 12:50 PM

@seanjconnell Although I saw the same linux error in my local testing, I have not been able to replicate the issue consistently - it occurred just couple times in several hours. I'm guessing those UDP messages got corrupted somehow. I'm however able to see the dashboards for the said metric in SAI (in the case of linux, these are just warning messages and shouldn't really cause data loss). If these messages are popping up in large numbers, I'd reach out to whoever set this up for you to check all the configurations.

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...