Splunk® Enterprise

Metrics

Overview of metrics

Metrics is a feature for system administrators and IT tools engineers that focuses on collecting, investigating, monitoring, and sharing metrics from your technology infrastructure, security systems, and business applications in real time.

Metrics in the Splunk platform uses a custom index type that is optimized for metric storage and retrieval. To work with metrics, use the mstats search command, which applies numeric aggregations (such as avg, sum, and percentile) so that you can isolate and correlate problems from different data sources.

What is a metric?

A metric is a set of measurements containing a timestamp, a metric name, a value, and a dimension.

timestamp
Indicates when a metric measurement was taken.
metric name
Uses a dotted hierarchy to refer to a namespace (for example, nginx.upstream.responses.5xx). Any string can be used as a metric name. We recommend that metric names only include lowercase letters, numbers, underscores, and dots. Dots are used to separate segments of the namespace to create a hierarchy of metrics.
value
A numeric data point representing the value of a metric, such as a count, or a calculated value for a specific time resolution, such as a percentile for a response time metric for the last minute.
dimensions
Provide metadata about the metric. For example:

  • Region: us-east-1, us-west-1, us-west-2, us-central1
  • InstanceTypes: t2.medium, t2.large, m3.large, n1-highcpu-2
  • Technology: nginx, redis, tomcat

You can think of a metric name as something that you are measuring, while dimensions are categories by which you can filter or group the results.
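
As an added example (not code from the Splunk documentation or product), the following splits a DogStatsD-style line, one of the protocols this page names, into the four parts defined above, flags metric names outside the recommended character set, and groups values by a dimension. The line layout, the function names, and the sample lines are assumptions made for the example.

```python
import re
import time

# Recommended character set from the text: lowercase letters, numbers,
# underscores, and dots, with dots separating namespace segments.
RECOMMENDED_NAME = re.compile(r"[a-z0-9_]+(\.[a-z0-9_]+)*")

def parse_measurement(line, now=None):
    """Parse '<metric name>:<value>|<type>[|#<key>:<val>,...]' into a metric."""
    head, _, rest = line.strip().partition("|")
    name, sep, raw_value = head.rpartition(":")
    if not sep or not name:
        raise ValueError("expected <metric name>:<value> before the first '|'")
    dimensions = {}
    for field in rest.split("|"):
        if field.startswith("#"):
            for tag in field[1:].split(","):
                key, _, val = tag.partition(":")
                if key:
                    dimensions[key] = val
    return {
        # The line carries no time of its own, so the receiver stamps it.
        "timestamp": time.time() if now is None else now,
        "metric_name": name,
        "value": float(raw_value),  # ValueError if the value is not numeric
        "dimensions": dimensions,
        "name_follows_recommendation": bool(RECOMMENDED_NAME.fullmatch(name)),
    }

def group_sum(measurements, metric_name, dimension):
    """Sum one metric's values, grouped by a single dimension."""
    totals = {}
    for m in measurements:
        if m["metric_name"] == metric_name and dimension in m["dimensions"]:
            key = m["dimensions"][dimension]
            totals[key] = totals.get(key, 0.0) + m["value"]
    return totals

# Constructed sample input, not captured from a real system.
SAMPLE_LINES = [
    "nginx.upstream.responses.5xx:3|c|#region:us-east-1,technology:nginx",
    "nginx.upstream.responses.5xx:1|c|#region:us-west-2,technology:nginx",
    "nginx.upstream.responses.5xx:4|c|#region:us-east-1,technology:nginx",
    "Nginx Upstream-5xx:2|c|#region:us-east-1",  # outside the recommended set
]

if __name__ == "__main__":
    parsed = [parse_measurement(line, now=1500000000) for line in SAMPLE_LINES]
    print(group_sum(parsed, "nginx.upstream.responses.5xx", "region"))
    print([p["metric_name"] for p in parsed if not p["name_follows_recommendation"]])
```

Grouping by region here mirrors the distinction above: the metric name selects what is measured, and the dimension decides how the values are split.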

The following are examples of systems that generate metrics:

  • IT infrastructure, such as hosts, networks, and devices
  • System components, such as web servers and databases
  • Application-specific metrics, such as timers that measure performance of a function
  • SaaS
  • Sensors, such as IoT

What is metrics in the Splunk platform?

Metrics is a feature of the Splunk platform. Metrics includes:

  • A metric collection framework used to collect and ingest high-volume metric measurements, typically using a dotted notation for the metric name and metric hierarchy, such as collectd.host.docker_stats.app.task.cpu.system, from agents and APIs.
  • A method to support the collection of existing line metric protocols such as collectd, StatsD, and DogStatsD.
  • A framework that can be used by the universal forwarder (UF) and heavy weight forwarder (HWF) to collect metrics and to optimally and securely forward the metric payload to a standalone or cluster of metric indexes.
  • A metric ingestion pipeline that supports the ability to apply props and transforms at indexing time for well-structured metric payload protocols.
  • A data catalog that is specific to metrics, providing a way to browse and filter a large set of metric names and dimensions.

For examples of metrics data in the Splunk platform, see Get metrics data in.


This documentation applies to the following versions of Splunk® Enterprise: 7.0.0

