How to Collect Data from Splunk
The option to build Legacy Reports with data sourced from Splunk will be available until you migrate to Metric Insights Version 6.X.
This article will show you how to create a Metric with data sourced from Splunk. The process of building other elements/Datasets is essentially the same.
- Any Saved Search can be queried by the Splunk plugin and used as a data source in Metric Insights.
- Saved Searches are accessible in Metric Insights via a dropdown in Element/Dataset Editors and displayed as a hierarchical list of Splunk Objects.
- You must have already established connectivity to the Splunk data source.
- Your Splunk version must be 6.x or 7.x
1. Access New > Metric
Provide the basic information required for creating a new metric:
- Select the Measurement Interval that applies to your element
- Optionally, select Dimension
- Give the element a unique Name
- Optionally, assign a Category, Put in Folder
- Click Next: define details to proceed with data collection
2. Full Editor displays the Data Collection tab
- Select the Splunk connection profile serving as a Data Source for this Metric
- Set the Data Collection Trigger that is going to initiate updating information in this Metric
- Specify a Splunk Search from the dropdown
- Construct a Plugin command that should list the data you would like to include into the Metric (manually of via the Visual Editor)
- Please note that Metrics represent time series data, so one of the columns should contain dates
Validate your Plugin Command:
- If your statement is valid, the statement box is green
- If there are any errors, the box is colored in red and errors will be explained in the field below
- Collect Data
- Save, Enable and Publish your Metric