How do I pull a log file directly in as a metric?

daniel333 · ‎10-03-2018

All,

I am playing with metricbeat and I am happy camper with it. I was wondering if there was a way to pull the metricbeat logs in directly as a metric rather than as a log?

Example logs
2017-12-17T18:54:16.241-0500 INFO logp/core_test.go:13 unnamed global logger
2017-12-17T18:54:16.242-0500 INFO [example] logp/core_test.go:16 some message
2017-12-17T18:54:16.242-0500 INFO [example] logp/core_test.go:19 some message {"x": 1}

iamarkaprabha · ‎10-03-2018

You can try using uberagent app.
https://splunkbase.splunk.com/app/1448/

back2root · ‎10-03-2018

Maybe you wanna have a look at Splunk 7.2.0 newest feature "log-to-metrics conversion":
http://docs.splunk.com/Documentation/Splunk/7.2.0/Metrics/L2MOverview

Pre 7.2.0 you need to write props/transforms: http://docs.splunk.com/Documentation/Splunk/7.1.3/Metrics/GetMetricsInOther

How do I pull a log file directly in as a metric?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life