Splunk® Enterprise

Metrics

Download manual as PDF

Download topic as PDF

Overview of metrics

Metrics is a feature for system administrators and IT tools engineers that focuses on collecting, investigating, monitoring, and sharing metrics from your technology infrastructure, security systems, and business applications in real time.

Metrics in the Splunk platform uses a custom index type that is optimized for metric storage and retrieval. You can run metrics-specific commands like mstats on the metric data points in those metric indexes. The mstats command lets you apply aggregate functions such as average, sum, count, and so on to those data points, helping you isolate and correlate problems from different data sources.

What is a metric?

A metric is a single measurement at a specific point in time. If you combine that measurement with a timestamp and one or more dimensions, you have a metric data point. A single metric data point can contain multiple measurements and multiple dimensions.

timestamp
Indicates when the measurements in the data point were taken.
metric_name
A thing you are measuring. Uses a dotted hierarchy to refer to a namespace, such as nginx.upstream.responses.5xx. Any string can be used as metric name. Metric names can include only lowercase letters, numbers, underscores, and dots. The dots separates the metric namespace into segments, allowing for the creation of metric hierarchies.
numeric_value
A number representing the value of a metric such as a count, or calculated value for a specific time resolution such as a percentile for a response time metric for the last minute.
measurement
A field-value combination of a metric_name and a corresponding numeric_value. Measurements always follow this syntax: metric_name:<metric_name>::<numeric_value>. For example: metric_name:cpu.idle::15 or metric_name:io.util::10.232.
dimensions
Metadata fields that provide categories you can use to filter or group metric data points. For example:
Region: us-east-1, us-west-1, us-west-2, us-central1
InstanceType: t2.medium, t2.large, m3.large, n1-highcpu-2
Technology: nginx, redis, tomcat

The following are examples of systems that generate metrics:

  • IT infrastructure, such as hosts, networks, and devices
  • System components, such as web servers and databases
  • Application-specific metrics, such as timers that measure performance of a function
  • Software as a Service (SaaS) systems
  • Sensors, such as Internet of Things (IoT) features

What is a metric time series?

A metric time series is a set of metric data points that measure the same things and have the same sets of dimensions. The following three metric data points form a metric time series. Note that each metric data point has measurements for the max.size.kb, current.size.kb, and current.size metrics and that they share the same dimension field-value combinations.

_time metric_name:max.size.kb metric_name:current.size.kb metric_name:current.size group name
08-05-2019 16:26:42.025 -0700 500 300 53 queue azd
08-05-2019 16:26:41.055 -0700 345 245 43 queue azd
08-05-2019 16:26:40.023 -0700 334 124 39 queue azd

What features does the Splunk platform provide for metrics data?

The Splunk platform provides a fully-rounded metrics solution that runs from metrics data ingestion, indexing, and transformation on one end, to metrics search, analysis and reporting on the other.

Getting metrics data in
The Splunk platform utilizes a metric collection framework of agents and APIs to collect and ingest high-volume metrics. It supports line metric protocols like collectd and StatsD. The universal forwarder and heavy forwarder can use this collection framework to ingest metric data and securely forward it to a standalone metric index or a metric index cluster. See Get metrics data in.
Transforming metric data
The metric ingestion pipeline can transform your data at indexing time so that it conforms to the protocols of well-structured metrics. You can also use our log-to-metrics functionality to transform event data into metrics data as it is ingested and indexed. See Convert event logs to metric data points.
Searching and reporting on metric data
The metrics-specific mstats command lets you filter, aggregate and report on your metrics data. The mcollect and meventcollect commands enable you to convert events to metric data points at search time. See Search and monitor metrics.
Visualizing and analyzing metric trends
The Splunk Analytics Workspace makes it easy to monitor and analyze trends in your metrics data without using the Splunk Search Processing Language(SPL). Use it to create interactive charts, visualize metric data correlations, and save your creations as charts or dashboards. see About the Splunk Analytics Workspace in Using the Splunk Analytics Workspace.
  NEXT
Get started with metrics

This documentation applies to the following versions of Splunk® Enterprise: 8.0.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters