Splunk App for Infrastructure data collection on Search Head
Followed:
https://docs.splunk.com/Documentation/InfraApp/2.0.0/Admin/ManualInstalLinuxUF
Environment:
Search Head 7.3.0
Indexer 7.3.0
Setup:
collectd -> localhost udp port 5000 -> indexer (via system/local/outputs.conf)
Issue:
So data flows from collectd to localhost udp port 5000, verified with tcpdump to include viewing data. Search Head forwards data to the Indexer. Indexer has Add-On as instructed in documentation but get the following error:
Metric value = unset is not valid for source=5000 sourcetype=em_metrics_udp. Metric event data with an invalid metric value would not be indexed. Ensure the input metric data is not malformed.
Thanks.
Jeremy
↧