Cribl Metric from Windows Pack
Hi Everyone
I am have a strange problem with metric feed from a route that uses the Windows Pack. I currently forward ALL my Cribl metrics via Quickconnect to Splunk and simply add a index and sourcetype field (no other changes).
When run my mstats search on cribl.logstream.route.in_bytes and cribl.logstream.route.out_bytes and split by the route name. The only metric i dont seem to see if the route that uses the Windows pack? I have tested a couple other packs like fortigate and that works. I do however see metrics using cribl.logstream.sourcetype.in_bytes and cribl.logstream.sourcetype.out_bytes when I use event_sourcetype? Find this a bit bizarre?
Thanks
0