I have Splunk App for Infrastructure installed and configured, it works for Windows agent, but I cannot make it for Linux server.
Collectd seems runs well with write_splunk plugin, I run search
index="_introspection" token| spath "data.token_name" | search "data.token_name"="collectd token"
looks the HEC is receiving data like the screenshot shows.
But there is no data of the metrics index assigned to the HEC token, and search for
| mstats count WHERE index=* AND metric_name=* by host, metric_name
only Windows host shows.
... View more