All Apps and Add-ons

Monitoring of Java Virtual Machines with JMX: How to set sourcetype=jmx?

jchengtivo
New Member

I'm using Monitoring of Java Virtual Machines with JMX (https://splunkbase.splunk.com/app/668/ ) to send my JMX metrics to Splunk. I am able to get them to come in, and they are formatted as follows:

host=kafka.example.com,jvmDescription="kafka.example.com",mbean_domain=kafka.server,mbean_property_name=BytesInPerSec,mbean_property_type=BrokerTopicMetrics,OneMinuteRate=0.0076934320698407235,EventType=bytes,Count=12681948627,FifteenMinuteRate=124.59768373600586,FiveMinuteRate=8.208111103137483,MeanRate=17771.71328341811

Within Splunk, I currently have the sourcetype=generic_single_line. Is there a predefined type for jmx? I've seen references around the web to a sourcetype=jmx, but I can't find any such thing in my Splunk installation. Is this a standard type? Is it delivered with one of the Splunk apps? Or do I need to define a sourcetype myself to extract all the keys and values?

I am using Splunk Enterprice 6.3.0. I am using version 2.3 of "Monitoring of Java Virtual Machines with JMX".

Thanks.

0 Karma

renjith_nair
SplunkTrust
SplunkTrust

If you have installed the JMX app on splunk instance, the configuration files are in

SPLUNK_HOME/etc/apps/SPLUNK4JMX/default/inputs.conf where the sourcetype is mentioned as jmx by default.

Moreover, in the JMX app the events should be already being fed into Splunk in best practice semantic format, key=value pairs , no additional field extractions are required.

Happy Splunking!
0 Karma

eddiet
Explorer

test driving this app now and noticed the default helloworld jmx input is disabled out of the box. maybe why OP is not seeing these details.

i enabled it, restarted splunk and on my way with the default settings

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...