# # Clones all metrics.log events into a metric_log sourcetype. The metrics_log # sourcetype does the necessary conversion from log to metric event, and redirects # the events to the _metrics index. See accompanying transforms.conf in this # app for details on transformation ### [source::.../var/log/splunk/metrics.log(.\d+)?] TRANSFORMS-metricslogclone = metrics_log_clone [source::.../var/log/introspection/disk_objects.log(.\d+)?] TRANSFORMS-diskobjectsclone = introspection_disk_objects_log_clone [source::.../var/log/introspection/resource_usage.log(.\d+)?] TRANSFORMS-resourceusageclone = introspection_resource_usage_log_clone [splunk_metrics_log] TRANSFORMS-metricslog = metrics_index_redirect,metrics_field_extraction,metrics_log_metric_name METRIC-SCHEMA-TRANSFORMS = metric-schema:metrics_dot_log [splunk_intro_disk_objects] TRANSFORMS-blah = metrics_index_redirect,introspection_disk_objects_metric_name METRIC-SCHEMA-TRANSFORMS = metric-schema:introspection_disk_objects [splunk_intro_resource_usage] TRANSFORMS-bloo = metrics_index_redirect,introspection_resource_usage_metric_name METRIC-SCHEMA-TRANSFORMS = metric-schema:introspection_resource_usage #Log to metrics source types for CSV, JSON, KeyValue [log2metrics_csv] DATETIME_CONFIG = INDEXED_EXTRACTIONS = csv LINE_BREAKER = ([\r\n]+) METRIC-SCHEMA-TRANSFORMS = metric-schema:log2metrics_default_csv NO_BINARY_CHECK = true category = Log to Metrics pulldown_type = 1 description = Comma-separated value format. Log-to-metrics processing converts the numeric values in csv events into metric data points. [log2metrics_json] DATETIME_CONFIG = INDEXED_EXTRACTIONS = json LINE_BREAKER = ([\r\n]+) METRIC-SCHEMA-TRANSFORMS = metric-schema:log2metrics_default_json NO_BINARY_CHECK = true category = Log to Metrics pulldown_type = 1 description = JSON-formatted data. Log-to-metrics processing converts the numeric values in json keys into metric data points. [log2metrics_keyvalue] DATETIME_CONFIG = LINE_BREAKER = ([\r\n]+) METRIC-SCHEMA-TRANSFORMS = metric-schema:log2metrics_default_keyvalue NO_BINARY_CHECK = true TRANSFORMS-EXTRACT = metrics_field_extraction category = Log to Metrics pulldown_type = 1 description = '=' formatted data. Log-to-metrics processing converts the keys with numeric values into metric data points.