How to Collect Data from Splunk

The option to build Legacy Reports with data sourced from Splunk will be available until you migrate to Metric Insights Version 6.X.

This article will show you how to create a Metric with data sourced from Splunk. The process of building other elements/Datasets is essentially the same.

  1. Any Saved Search can be queried by the Splunk plugin and used as a data source in Metric Insights.
  2. Saved Searches are accessible in Metric Insights via a dropdown in Element/Dataset Editors and displayed as a hierarchical list of Splunk Objects.

PREREQUISITES:

1. Access New > Metric

Provide the basic information required for creating a new metric:

  1. Select the Measurement Interval that applies to your element
  2. Optionally, select Dimension
  3. Give the element a unique Name
  4. Optionally, assign a Category,  Put in Folder
  5. Click Next: define details to proceed with data collection

2. Full Editor displays the Data Collection tab

  1. Select the Splunk connection profile serving as a Data Source for this Metric
  2. Set the Data Collection Trigger that is going to initiate updating information in this Metric
  3. Specify a Splunk Search from the dropdown
  4. Construct a Plugin command that should list the data you would like to include into the Metric (manually of via the Visual Editor)
    • Please note that Metrics represent time series data, so one of the columns should contain dates
  5. Validate your Plugin Command:
    • If your statement is valid, the statement box is green
    • If there are any errors, the box is colored in red and errors will be explained in the field below
  6. Collect Data
  7. Save, Enable and Publish your Metric

Plugin commands

To get more information on Splunk plugin syntax and full list of commands, refer to the Splunk command cheat sheet and search for commands by category.

3. Metric will be displayed in viewer

0 Comments

Add your comment

E-Mail me when someone replies to this comment