Splunk Search

mstats and mcatalog simply does not work

deodion
Path Finder

I try to use mstats and mcatalog command
it just simply does not work, I think its Splunk settings side Im missing,

such as this:

| mstats sum(bytes) latest(_time) where index=metrics_app_dest_survey by app_name

Im using admin account, is there anything wrong with user role capability?
I only see one thing relevant list_metrics_catalog is added capability, but still not working,

What am I missing? thanks!

0 Karma
1 Solution

deodion
Path Finder

Hello thaggie,
thanks for replying, the problem with this is simply that I didnt setup the index type correctly, the index type should be metric.

View solution in original post

0 Karma

deodion
Path Finder

Hello thaggie,
thanks for replying, the problem with this is simply that I didnt setup the index type correctly, the index type should be metric.

0 Karma

thaggie_splunk
Splunk Employee
Splunk Employee

When you execute:

| mcatalog values(metric_name) where index=metrics_app_dest_survey

Do you get any values back?

You can't aggregate time so you need to remove latest(_time), this should work:

| mstats sum(bytes) where index=metrics_app_dest_survey by app_name
0 Karma
Get Updates on the Splunk Community!

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...