Solved: Metric : mcollect command error

brdr · ‎07-08-2019

Hello,

I've been using this command on other metric indexes and i can't get this one to work.

index=iiot_index Tag="simple_tag" AND metric_name="simple_metric" Quality=good
| eval Value=CASE(
Value="TRUE", 1,
Value="FALSE", 0,
Value="ACTIVE", 1,
Value="IN_PROGRESS", 1,
Value="ARMED", 1,
Value="TRIGGERED", 0,
Value="ON", 1,
Value="OFF", 0,
1=1, Value)
| rex field=asset_name "(?.).(?.)"
| eval _value=Value
| where isnum(_value)
| table asset metric_name Value _time
| mcollect index=iiot_index_metric asset,metric_name,Value

The error i get is this:

Error in 'mcollect' command: Must specify a valid metric index.

I do get data from the first index above, and this index in the last line is a metrics index.

Thanks

brdr · ‎07-08-2019

I figured in out. we are in a distributed environment and this index needed to be on the search head as well as indexers (of course).

View solution in original post

brdr · ‎07-08-2019

I figured in out. we are in a distributed environment and this index needed to be on the search head as well as indexers (of course).

Metric : mcollect command error

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...