×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
drgonzo65
Engager
Member since: ‎12-14-2011
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎12-14-2011
Activity Feed
View All

Re: logging multiple metrics for time series

by in Splunk Search
‎01-15-2012 10:24 AM
‎01-15-2012 10:24 AM
1) Field Extraction transforms.conf: [extract-metric] REGEX=(\S+):(\S+) FORMAT=$1::$2 props.conf: [mysourcetype] REPORT-metric=extract-metric Or, if you just want search-time results, skip all this and use the extract command as shown below. 2) Timechart Reporting If your metrics field names follow a pattern, you may be able to use wildcards. For example if they all start with 'metric_', you can do: | timechart avg(metric_*) In a real pinch, you can use this (rather ugly) method: sourcetype=whatever ... | fields + _time,_raw | extract pairdelim=" " kvdelim=: | timechart avg(*) First, filter out all fields except _raw and _time . Then use extract to add back the fields containing your metrics. Now you can use timechart avg(*) , since only your metrics fields remain to be matched by the wildcard. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All