About the sim command available with the Splunk Infrastructure Monitoring Add-on
The Splunk Infrastructure Monitoring Add-on includes a Search Processing Language (SPL) command that accesses your Splunk Infrastructure Monitoring realm and brings metrics and event data into your Splunk deployment. You can then leverage SPL to further manipulate and use the Infrastructure Monitoring data once it's in your Splunk environment. The add-on also lets you create correlation searches that bring useful Infrastructure Monitoring data into IT Service Intelligence (ITSI).
sim command
The sim command queries your Infrastructure Monitoring realm on demand. It returns metrics and event data from Infrastructure Monitoring that you can further process using common SPL commands. You can also combine your Infrastructure Monitoring data with data already residing in the Splunk Platform to create new useful views.
A common scenario for the sim command is using events generated by detectors in Infrastructure Monitoring to create a well-distilled view of a specific piece of data in Infrastructure Monitoring. You can pull those events into the Splunk Platform using the event command and create a notable event in ITSI.
Basic command syntax
Because sim is a generating command, meaning it generates Splunk events, your SPL searches must begin with a pipe. Then include the sim command followed by one of the keyword operators shown in the following example:
| sim flow
| sim event
Use the available operator parameters to get a valid piece of data from Infrastructure Monitoring, which you can then process further using SPL. For available parameters and usage examples of each operator, see the following topics:
This documentation applies to the following versions of Splunk® Infrastructure Monitoring Add-on: 1.2.5