About the sim command available with the Splunk Infrastructure Monitoring Add-on
The Splunk Infrastructure Monitoring Add-on includes a Search Processing Language (SPL) command that accesses your Splunk Infrastructure Monitoring realm and brings metrics and event data into your Splunk deployment. You can then leverage SPL to further manipulate and use the Infrastructure Monitoring data once it's in your Splunk environment. The add-on also lets you create correlation searches that bring useful Infrastructure Monitoring data into IT Service Intelligence (ITSI).
sim command queries your Infrastructure Monitoring realm on demand. It returns metrics and event data from Infrastructure Monitoring that you can further process using common SPL commands. You can also combine your Infrastructure Monitoring data with data already residing in the Splunk Platform to create new useful views.
A common scenario for the
sim command is using events generated by detectors in Infrastructure Monitoring to create a well-distilled view of a specific piece of data in Infrastructure Monitoring. You can pull those events into the Splunk Platform using the
event command and create a notable event in ITSI.
Basic command syntax
sim is a generating command, meaning it generates Splunk events, your SPL searches must begin with a pipe. Then include the
sim command followed by one of the keyword operators shown in the following example:
| sim flow
| sim event
Use the available operator parameters to get a valid piece of data from Infrastructure Monitoring to further process the data using SPL. For available parameters and usage examples of each operator, see the following topics:
Configure inputs in the Splunk Infrastructure Monitoring Add-on
flow query syntax
This documentation applies to the following versions of Splunk® Infrastructure Monitoring Add-on: 1.0.0, 1.1.0, 1.2.0, 1.2.1, 1.2.2