Scripted Input for RRD database
Overview
Details
This simple script gives you the ability to import RRD database records to Splunk.
RRD database is used by MRTG, collectd, ntop, ganglia, munin and many other monitoring tools to record time series data.
With this add-on, you can use these tools to collect performance data from many nodes, and use Splunk for searching and graphing the collected data.
Customization
Some parameters can be changed by directly editing the script.
See the head part of the scirpt:
FETCH_INTERVAL = 600 # in seconds
STEP = 10
CONSOLIDATION_FUNCTION = "AVERAGE"
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"
FETCH_INTERVAL is the interval you run this script. This value must be the same as the value of "interval" in your input.conf.
STEP is from RRD files. The value to be set varies depending on the creators of the RRD files. To know a value for your RRD file, you can use the following command:
rrdtool info PATH_TO_YOUR_RRD_FILE
This command prints information of your RRD file.
filename = "cpu-system.rrd"
rrd_version = "0003"
step = 10
last_update = 1298883682
header_size = 3504
...
Look at the line that starts with "step =". That is the value to be set to STEP. In this case, it is "10".
CONSOLIDATION_FUNCTION is the function that is applied to values recorded in RRD files to calculate the final input to the script.
TIME_FORMAT controls how the script formats timestamps. Python's strftime-style format string can be used.