George Starcher edited this page Mar 17, 2018 · 2 revisions

Reference Link:

Summary:

You can use this HEC class to send data to the Splunk Metrics Store, introduced in Splunk v7.

The key points are:

  1. Set the "event" payload field to "metric" in lowercase.
  2. Form a JSON dict with the required fields:
     • "metric_name" = the string name of your metric measurement field
     • "_value" = the numeric measurement value for your field.
  3. You can optionally add other fields to your JSON dict; those are the "dimensions" for the metric.
  4. Put your built JSON dict into the payload field "fields".

If you look closely, you will realize that you are making a payload for HEC that is ONLY index-time data, with no raw event data. That is the essence of the Splunk Metrics Store: a special index that holds no raw data for normal searching, just fast index-time data.
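The steps above as an added example (not code from this project): a helper that builds the metric payload dict and rejects values that would produce a malformed or misleading measurement. The function name, the sample metric and dimension names, and the `metrics_example` index are assumptions made for illustration; `time`, `host` and `index` are the standard top-level HEC keys.

```python
import json
import math
import time
from numbers import Real

REQUIRED = ("metric_name", "_value")  # required keys inside "fields", per the steps above


def build_metric_payload(metric_name, value, dimensions=None, host=None, index=None, ts=None):
    """Return a HEC payload dict for one metric measurement (hypothetical helper)."""
    if not isinstance(metric_name, str) or not metric_name.strip():
        raise ValueError("metric_name must be a non-empty string")
    # bool is a subclass of int; reject it along with NaN/inf, which are not valid JSON numbers
    if isinstance(value, bool) or not isinstance(value, Real) or not math.isfinite(value):
        raise ValueError("_value must be a finite number")

    fields = {"metric_name": metric_name, "_value": value}
    for key, dim in (dimensions or {}).items():
        # A caller-supplied dimension must never replace the measurement itself
        if key in REQUIRED:
            raise ValueError(f"dimension {key!r} would overwrite a required field")
        fields[key] = str(dim)  # this example sends every dimension as a string

    # No raw event text: "event" is only the literal marker "metric"
    payload = {"event": "metric", "fields": fields}
    payload["time"] = time.time() if ts is None else ts
    if host is not None:
        payload["host"] = host
    if index is not None:
        payload["index"] = index
    return payload


if __name__ == "__main__":
    # Constructed sample values; "metrics_example" is a placeholder index name.
    p = build_metric_payload("cpu.idle_pct", 87.5, {"region": "us-east", "core": 3},
                             host="web01", index="metrics_example", ts=1521244800)
    print(json.dumps(p, indent=2))
```

The returned dict is what you hand to the HEC class as the payload for a single event.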
