emiller42 / splunk-statsd-backend
A backend plugin for Statsd to output metrics to the Splunk HTTP Event Collector (HEC)
License: MIT License
Hi @emiller42, we recently picked up this backend and have been experimenting with sending events from Apache Airflow --> StatsD --> splunk-statsd-backend --> Splunk.
The JSON events we are sending look like:
{"rate":0.2,"count":2,"metricType":"counter","metricName":"airflow.scheduler_heartbeat"}
... whereas the splunk-statsd-backend documentation states that the JSON should look like:
{ "time": <timestamp>, "source": "my_source", "sourcetype": "my_sourcetype", "index": "my_index", "event": {...event payload...} }
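For reference, the documented envelope above can be produced by wrapping each raw metric payload in an `event` field before POSTing to HEC. This is a minimal sketch, not the backend's actual implementation; the helper name and config shape are assumptions:

```javascript
// Hypothetical helper: wrap a raw metric object in the HEC envelope the
// documentation describes. Field names beyond the documented ones
// (source, sourcetype, index, event, time) are illustrative.
function wrapInHecEnvelope(metric, config) {
  return {
    time: Date.now() / 1000,        // epoch seconds, as HEC expects
    source: config.source,          // e.g. "my_source"
    sourcetype: config.sourcetype,  // e.g. "my_sourcetype"
    index: config.index,            // e.g. "my_index"
    event: metric                   // the raw metric payload
  };
}

const payload = wrapInHecEnvelope(
  { rate: 0.2, count: 2, metricType: 'counter', metricName: 'airflow.scheduler_heartbeat' },
  { source: 'statsd', sourcetype: 'statsd_metrics', index: 'metrics' }
);
console.log(JSON.stringify(payload));
```

If the backend is emitting the bare metric object instead (as in the observed output above), the envelope step is presumably being skipped somewhere.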
Questions
If this backend needs to be augmented to accommodate newer versions of Splunk, I am happy to do that with a PR. I just want to confirm the project is still active first. Thank you!
This might be worth replicating.
This project is effectively in maintenance mode, but that is not clearly stated in the documentation. As a result, users (both new and existing) may not have accurate expectations about how the library will be maintained going forward.
The Splunk HEC in version 6.4.0+ supports indexer acknowledgement on HEC data. This allows clients sending data to validate that data was not only received (successful POST) but also successfully processed, and then re-send data that failed to index.
This would potentially add complexity and overhead that may not be worthwhile. Further investigation would be needed.
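To make the complexity concrete: with indexer acknowledgement enabled, each successful POST returns an `ackId`, and the client later polls Splunk to learn which batches were actually indexed. The sketch below covers only the client-side bookkeeping (the HTTP calls are omitted); the class and method names are assumptions, not existing backend code:

```javascript
// Sketch of the bookkeeping a backend would need for HEC indexer
// acknowledgement (Splunk 6.4.0+): remember each batch by its ackId,
// then re-queue batches Splunk has not confirmed as indexed.
class AckTracker {
  constructor() {
    this.pending = new Map(); // ackId -> original payload, kept for re-send
  }

  // Call after a successful POST returns an ackId in its response body.
  track(ackId, payload) {
    this.pending.set(ackId, payload);
  }

  // Call with the parsed body of the acknowledgement query, e.g.
  // { acks: { "1": true, "2": false } }. Returns payloads that are
  // still unconfirmed and may need to be re-sent.
  reconcile(ackResponse) {
    const unacked = [];
    for (const [id, indexed] of Object.entries(ackResponse.acks)) {
      const ackId = Number(id);
      if (indexed) {
        this.pending.delete(ackId);         // confirmed; stop tracking
      } else if (this.pending.has(ackId)) {
        unacked.push(this.pending.get(ackId)); // still outstanding
      }
    }
    return unacked;
  }
}

const tracker = new AckTracker();
tracker.track(1, { event: 'batch-1' });
tracker.track(2, { event: 'batch-2' });
const retry = tracker.reconcile({ acks: { '1': true, '2': false } });
console.log(retry); // batch-2 is unconfirmed and a candidate for re-send
```

Even this minimal version adds state (pending batches), a polling loop, and a retry policy to what is currently a fire-and-forget POST, which is the overhead in question.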
Hi @emiller42, do you intend to push 0.2.0 to npm?
Thank you
The delimited namespace is really just a carryover from how metrics are sent to graphite. There isn't any real reason we need to maintain the format.
It may be useful to instead break up the namespace into an array of values, which Splunk will see as a multivalued field. So something like:
production.webserver.loadbalancerA.host.responsetime
would turn into something like:
key: [ 'production', 'webserver', 'loadbalancerA', 'host', 'responsetime']
Then in Splunk, instead of having to search with order-dependent wildcards (metricName="production.*.responsetime"), you could treat the segments like tags (key="production" AND key="responsetime").
This might be much more friendly to things like Data Models within Splunk.
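The transform being proposed is small. A minimal sketch, with a hypothetical function name (this is not existing backend code):

```javascript
// Hypothetical transform: split a dotted statsd namespace into an array
// of segments, which Splunk would index as a multivalued field.
function namespaceToKeys(metricName) {
  return metricName.split('.');
}

const keys = namespaceToKeys('production.webserver.loadbalancerA.host.responsetime');
console.log(keys);
// → [ 'production', 'webserver', 'loadbalancerA', 'host', 'responsetime' ]
```

One design question would be whether to emit the array alongside the original dotted metricName (for backward compatibility with existing searches) or instead of it.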