I try to use mstats and mcatalog command
it just simply does not work, I think its Splunk settings side Im missing,
such as this:
| mstats sum(bytes) latest(_time) where index=m...
...etric_name="mem.total" OR metric_name="swap.total"
| mcatalog values(_dims) as dimensions values(metric_name) as metric_name where index=telegraf metric_name=*
it returns 0 results.
in Telegraf OS m...
I'm trying to populate a dropdown filter with a mcatalog search to allow a user to select from a list of dimensions. The search works but the results are returned as a long string without line b...
Hello, I'm having trouble finding an alternative to the mcatalog values(_value) command for metrics. In the documentation, it says that the values(_value) is not allowed, so what is another w...
The command recommended by the docs to view all metrics in all indexes is:
| mcatalog values(metric_name)
But with Splunk Enterprise 7.1.2 and the Add-On for Microsoft Windows, this shows n...
Hi,
Getting following errors from failed |mcatalog search against metrics index using a power user role. The |mcatalog search runs ok with admin role. The search was running ok in Splunk 7.3.3 b...
After updating a bucket replication policy and doing a rolling restart of cluster indexers, one of the indexers seems stuck in this state:
Question: where do I go, what do I do, to figure out ...
Hello, Trying to complete a search that uses metrics to monitor when a device has not been connected for the last 90 days. | mcatalog values(id) WHERE index=AM AND metric_name=CN AND type="d...
...omplicated as evidenced by the special earliest_time() and latest_time() functions. I have tried everything to access both _time and _indextime in a metrics index (both mstats and mcatalog ) a...
...here index=xyz by metric_timestamp).
mcatalog just displays the schema, not the values from "metric_timestamp" field.
Any help is greatly appreciated. Thanks!