...m basing my analysis on the following topic: Getmetricsinfromothersources. I've managed to create a search that converts my event data into the format that is required by the metrics_csv sourc...
I am taking events from three source types (same index; two common fields present across all three) and creating a table with the results. The events are indexed using a "timestamps" field that is p...
...ome of the dimensions from the source field.
According to the docs something like that is possible for nearly all other methods of importing metrics, but not for CSV files.
Is there any way I c...
...bove situation only with UFs internal logs, we simply cannot query for the source and check its earliest coz we don't have access to indexers containing actual logs. I checked with metrics.log but it w...
Hi, I am trying to collect metrics from various sources with the OTel Collector and send them to our Splunk Enterprise instance via a HEC. Collecting and sending the metrics via OTel seems to work q...
...Running aggregate metric sources (like my example above - total power consumed in an hour) become very challenging with current, duplicate metric logic
Clustered environments raise the risk of get...
Looking to measure heavy sources and track how much is getting indexed per day by source. The main problem is our Splunk admin team cannot give us access to the _internal index, so I cannot run t...
I have my inputs.conf setup like so:
[monitor:///var/log/java]
disabled = 0
index = myindex
sourcetype = metrics_csv
whitelist = metrics.*.csv
CRCSALT = <SOURCE>
But even though each f...
...hem) or from IT security "how can I see all the sources of data that we are monitoring and where they are being monitored for the whole environment, so we can make sure we are covered".
I have n...
Hello,
We would like to match all sources except the ones including /splunk/ in props.conf.
Example: No match for /opt/splunk/var/log/splunk/metrics.log and /opt/splunk/var/log/splunk/s...