TrackMe sourcetypes & metrics
TrackMe generates various events and metrics for the purposes of its activity.
The destination indexes for both events and metrics are entirely configurable, and potentially on a per Virtual Tenant basis.
TrackMe events & sourcetypes
All events are JSON based events, appart from the various logging which are key value based events.
The following event sourcetypes are generated in TrackMe:
Sourcetype |
Purpose |
|---|---|
trackme:state |
TrackMe State events, produced by Entities tracker |
trackme:health |
TrackMe Health events, produced by Health trackers |
trackme:audit |
TrackMe audit events |
trackme:flip |
TrackMe flipping state events |
trackme:notable |
TrackMe notable events produced by the TrackMe notable alert action |
trackme:smart_status |
TrackMe SmartStatus events produced by the TrackMe SmartStatus alert action |
trackme:notable |
TrackMe notable events produced by the TrackMe notable alert action |
TrackMe metrics
TrackMe generates various metric per component, using the following strict convention:
metric_name |
Purpose |
|---|---|
trackme.splk.feeds.* |
Metrics generated by the splk-feeds components (splk-dsm/splk-dhm/splk-mhm) |
trackme.splk.flx.* |
Metrics generated by the splk-flx component |
trackme.splk.cim.* |
Metrics generated by the splk-cim component |