Related Answers
Download topic as PDF
Use custom metric indexes in Splunk App for Infrastructure
You can create custom indexes to store metrics data in Splunk App for Infrastructure. For more information about creating custom indexes, see Create custom indexes.
The default index for metrics data in Splunk App for Infrastructure is em_metrics.
About the em_metrics source type
The em_metrics sourcetype is specifically for use with the Splunk App for Infrastructure, collectd, and the write_splunk plugin for collectd. This sourcetype performs important data transforms before indexing that is not available in the standard collectd sourcetype. Use the sourcetype in any custom metrics index that you create.
Use a custom metrics index in the Splunk App for Infrastructure
Include a custom metrics index in the metrics index macro in the Splunk App for Infrastructure so that you can monitor hosts in your infrastructure that send data to the custom index.
- Go to Settings > Advanced search and select Search macros.
- For App, select Splunk App for Infrastructure (splunk_app_infrastructure).
- Select the sai_metrics_indexes macro.
- For the Definition, include the custom index that you want to use.
- Save the macro.
|
PREVIOUS Update SELinux to allow for data collection in Splunk App for Infrastructure |
NEXT Stop data collection on Splunk App for Infrastructure |
This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 1.2.0, 1.2.1, 1.2.2, 1.2.3
Feedback submitted, thanks!