Overview of metrics
Metrics is a feature for system administrators and IT tools engineers that focuses on collecting, investigating, monitoring, and sharing metrics from your technology infrastructure, security systems, and business applications in real time.
Metrics in the Splunk platform uses a custom index type that is optimized for metric storage and retrieval. To work with metrics, the mstats search command is included so that you can apply numeric aggregations (such as avg, sum, and percentile) to isolate and correlate problems across different data sources.
What is a metric?
A metric is a set of measurements containing a timestamp, a metric name, a value, and a dimension.
- timestamp
  - Indicates when a metric measurement was taken.
- metric name
  - Uses a dotted hierarchy to refer to a namespace (for example, nginx.upstream.responses.5xx). Any string can be used as a metric name. We recommend that metric names only include lowercase letters, numbers, underscores, and dots. Dots are used to separate segments of the namespace to create a hierarchy of metrics.
- value
  - A numeric data point representing the value of a metric, such as a count, or a calculated value for a specific time resolution, such as a percentile of a response time metric over the last minute.
- dimensions
  - Provide metadata about the metric. For example:
    - Region: us-east-1, us-west-1, us-west-2, us-central1
    - InstanceTypes: t2.medium, t2.large, m3.large, n1-highcpu-2
    - Technology: nginx, redis, tomcat
You can think of a metric name as something that you are measuring, while dimensions are categories by which you can filter or group the results.
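Added example, not from the Splunk documentation: Python that parses DogStatsD-style lines (one of the line protocols this page names) into the four parts of a metric, flags names that fall outside the recommended character set, and averages values grouped by a dimension. The function names, the `name_ok` field, the timestamps and the sample lines are constructed for illustration; the code does not reproduce the Splunk platform's own ingestion or storage.

```python
import math
import re
from collections import defaultdict
from statistics import mean

# Recommendation from the page: lowercase letters, numbers, underscores, dots.
RECOMMENDED_NAME = re.compile(r"[a-z0-9_]+(\.[a-z0-9_]+)*")

def parse_line(line, timestamp):
    """Split 'name:value|type|#dim:val,...' into the four parts of a metric."""
    head, *sections = line.strip().split("|")
    name, sep, raw_value = head.rpartition(":")
    if not sep or not name:
        raise ValueError(f"missing metric name or value: {line!r}")
    value = float(raw_value)  # raises ValueError for non-numeric input
    if not math.isfinite(value):
        raise ValueError(f"non-finite value: {line!r}")
    dimensions = {}
    for section in sections:  # type and sample-rate sections are ignored here
        if section.startswith("#"):
            for tag in section[1:].split(","):
                key, _, val = tag.partition(":")
                if key:
                    dimensions[key] = val
    return {"timestamp": timestamp, "metric_name": name, "value": value,
            "dimensions": dimensions,
            "name_ok": RECOMMENDED_NAME.fullmatch(name) is not None}

def avg_by(metrics, metric_name, dimension):
    """Average one metric's values, grouped by the values of one dimension."""
    groups = defaultdict(list)
    for m in metrics:
        if m["metric_name"] == metric_name and dimension in m["dimensions"]:
            groups[m["dimensions"][dimension]].append(m["value"])
    return {key: mean(values) for key, values in groups.items()}

# Constructed sample lines; the last one uses a name outside the recommendation.
SAMPLE = [
    "nginx.upstream.responses.5xx:3|c|#region:us-east-1,technology:nginx",
    "nginx.upstream.responses.5xx:7|c|#region:us-east-1,technology:nginx",
    "nginx.upstream.responses.5xx:1|c|#region:us-west-2,technology:nginx",
    "Nginx Upstream/5xx:2|c|#region:us-west-2",
]
METRICS = [parse_line(s, 1500000000 + i) for i, s in enumerate(SAMPLE)]

if __name__ == "__main__":
    print(avg_by(METRICS, "nginx.upstream.responses.5xx", "region"))
    print([m["metric_name"] for m in METRICS if not m["name_ok"]])
```

The last sample line still parses, because any string can be a metric name, but it is flagged and falls outside the grouped average because its name does not match the dotted hierarchy.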
The following are examples of systems that generate metrics:
- IT infrastructure, such as hosts, networks, and devices
- System components, such as web servers and databases
- Application-specific metrics, such as timers that measure performance of a function
- Sensors, such as IoT
What is metrics in the Splunk platform?
Metrics is a feature of the Splunk platform. Metrics includes:
- A metric collection framework used to collect and ingest high-volume metric measurements, typically using a dotted notation for the metric name and metric hierarchy, such as collectd.host.docker_stats.app.task.cpu.system, from agents and APIs.
- A method to support the collection of existing line metric protocols such as collectd, StatsD, and DogStatsD.
- A framework that can be used by the universal forwarder (UF) and heavy weight forwarder (HWF) to collect metrics and to optimally and securely forward the metric payload to a standalone metric index or a cluster of metric indexes.
- A metric ingestion pipeline that supports the ability to apply props and transforms at indexing time for well-structured metric payload protocols.
- A data catalog that is specific to metrics, providing a way to browse and filter a large set of metric names and dimensions.
For examples of metrics data in the Splunk platform, see Get metrics data in.
Get started with metrics
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0