Splunk® App for Infrastructure (Legacy)

Administer Splunk App for Infrastructure

Use custom metric indexes in Splunk App for Infrastructure

You can create custom indexes to store metrics data in the Splunk App for Infrastructure (SAI). For more information about creating custom indexes, see Create custom indexes.

The default index for metrics data in Splunk App for Infrastructure is em_metrics.

About the em_metrics source type

The em_metrics sourcetype is specifically for use with SAI, collectd, and the write_splunk plugin for collectd. Before indexing, this sourcetype performs important data transforms that are not available in the standard collectd sourcetype. Use the sourcetype in any custom metrics index that you create.

Use a custom metrics index in SAI

Include a custom metrics index in the metrics index macro so you can monitor hosts in your infrastructure that send data to the custom index. You can also add multiple metrics indexes.

  1. Go to Settings > Advanced search and select Search macros.
  2. For App, select Splunk App for Infrastructure (splunk_app_infrastructure).
  3. Select the sai_metrics_indexes macro.
  4. For the Definition, include the custom index you want to use. If you use multiple metrics indexes, add each one like this:
    index = linux_metrics OR index = windows_metrics
    
  5. When you're done, save the macro.
  6. Go to Settings > Data inputs and select HTTP Event Collector.
  7. For the HEC token you use to collect metrics, update the allowed indexes list and specify a new Default Index.
  8. When you're done, save the configuration.
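A consistency check for steps 4 and 7, added here as an example and not taken from the Splunk documentation. It assumes the macro definition and the HEC token settings are available as macros.conf and inputs.conf text; the token name sai_collectd, the token value, and the sample contents are constructed. It reports any token whose default or allowed indexes fall outside what the sai_metrics_indexes macro searches.

```python
import configparser
import re

# Constructed sample settings; the token name and value are illustrative.
MACROS_CONF = """
[sai_metrics_indexes]
definition = index = em_metrics OR index = linux_metrics OR index = windows_metrics
"""
INPUTS_CONF = """
[http://sai_collectd]
token = 00000000-0000-0000-0000-000000000000
index = linux_metrics
indexes = linux_metrics, windows_metrics, main
"""

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def macro_indexes(macros_text, macro="sai_metrics_indexes"):
    """Return the set of index names that appear in the macro definition."""
    definition = _parse(macros_text)[macro]["definition"]
    return set(re.findall(r'index\s*=\s*"?([\w-]+)', definition))

def audit_hec_tokens(macros_text, inputs_text):
    """Compare each HEC token's index settings with the macro's indexes."""
    searched = macro_indexes(macros_text)
    conf = _parse(inputs_text)
    findings = []
    # HEC token stanzas are named [http://<token name>].
    for section in [s for s in conf.sections() if s.startswith("http://")]:
        name = section[len("http://"):]
        default = conf[section].get("index", fallback="").strip()
        raw = conf[section].get("indexes", fallback="")
        allowed = {i.strip() for i in raw.split(",") if i.strip()}
        if not allowed:
            findings.append((name, "no allowed indexes list is set"))
        elif default and default not in allowed:
            findings.append((name, f"default index {default} is not in the allowed list"))
        if default and default not in searched:
            findings.append((name, f"default index {default} is not in the macro"))
        for idx in sorted(allowed - searched):
            findings.append((name, f"allowed index {idx} is not in the macro"))
    return findings

if __name__ == "__main__":
    for token, problem in audit_hec_tokens(MACROS_CONF, INPUTS_CONF):
        print(f"{token}: {problem}")
```
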
Last modified on 08 July, 2020

This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 1.3.0, 1.3.1, 1.4.0, 1.4.1, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1 Cloud only, 2.2.0 Cloud only, 2.2.1, 2.2.3 Cloud only, 2.2.4, 2.2.5

