Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk 7.0.0: How to get metrics in from collectd

sureshr7
Explorer
‎11-08-2017 04:09 PM

Hi,

How to add a tag(region) to a collectd based metric from a host? For example if we have 2 regions (us-east,us-west), how to add this data from collectd to the Splunk metrics index?

Thanks
Suresh

Reply

sureshr7
Explorer
‎11-30-2017 10:09 PM

Using the below code, write_http will add custom tag "meta":{"foo":"bar"}" to all json data. Now the challenge is recognizing this as dimension in splunk.



PostCacheChain "PostCache"

<Target "set">
  MetaData "foo" "bar"
</Target>

Target "write"

0 Karma
Reply

lukeh
Contributor
‎11-30-2017 10:15 PM

Thanks, I'll have a crack and get back to you.

0 Karma
Reply

theouhuios
Motivator
‎10-22-2018 06:42 AM

Any luck with this? Is there a way to add Tags via collectd and get splunk to understand them as dimensions?

0 Karma
Reply

sureshr7
Explorer
‎11-30-2017 09:26 PM

I was able to add a custom meta tag using PostCacheChain from collectd. But still not able to read it via splunk.

0 Karma
Reply

lukeh
Contributor
‎11-30-2017 09:35 PM

I would be happy to test this for you, could you please provide an example from collectd.conf ?
FYI: I am the author of Analytics for Linux which uses metrics from collectd:
https://splunkbase.splunk.com/app/3777/

0 Karma
Reply

thaggie_splunk
Splunk Employee
Splunk Employee
‎11-30-2017 10:33 AM

You should be able to add a region field as you push the measurements to splunk.
From: http://docs.splunk.com/Documentation/Splunk/7.0.0/Metrics/GetMetricsInCollectd

curl -k https://localhost:8088/services/collector/raw?sourcetype=collectd_http   \
-H "Authorization: Splunk <HEC_token>"                                      \
-d '[{"values":[164.9196798931339196],"dstypes":["derive"],"dsnames":["value"],"time":1505356687.894,"interval":10.000,"host":"collectd","plugin":"protocols","plugin_instance":"IpExt","type":"protocol_counter","type_instance":"InOctets"}]'

So each message is like:

{
  "values": [164.9196798931339196],
  "dstypes": ["derive"],
  "dsnames": ["value"],
  "time": 1505356687.894,
  "interval": 10.000,
  "host": "collectd",
  "plugin": "protocols",
  "plugin_instance": "IpExt",
  "type": "protocol_counter",
  "type_instance": "InOctets"
}

You should be able to add:

"region": "us-east"
Reply

lukeh
Contributor
‎11-30-2017 09:08 PM

that will work for custom metrics, but not for native collectd metrics as the Collectd API does not have a concept of tags. It looks like the Collectd community is working towards a solution – but it still looks like a bandaid attempting to work around the fact that Collectd’s core has no concept of tags:
https://github.com/collectd/collectd/pull/1655

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...