Splunk Inc.
Generating structured metrics from log data

Abstract:

The disclosed technique can be performed by a data intake and query system. The technique includes ingesting data including log data obtained over a network from systems, and receiving user input indicating a scope for retrieving data and a criterion expressed in a structured language. The technique further includes retrieving data based on the scope indicated by the user input and extracting a first field value and a second field value from the retrieved data based on the criterion and the scope. The first field value includes a first numerical value indicative of a measured characteristic of a computing device and the second field value includes a first dimension. The technique further includes storing a first structured metric and the first dimension in a time-series metrics store. The first structured metric includes the first numerical value. The first dimension is associated with the first numerical value.