fix: replace - with _ for metrics (#1213)

* fix: add option to change "-" to an "_" to be compatible with metric schema in Splunk

* fix: doc fix and docker-compose change

* fix: add docs

* chore: pre-commit run

* doc: refine

* doc: address PR comments, update CHANGELOG

Author: omrozowicz-splunk

CHANGELOG.md

@@ -5,6 +5,7 @@
 ### Changed
 - implemented mTLS for Splunk 10
 - update default microk8s to 1.33
+- introduce `splunkMetricNameHyphenToUnderscore` parameter to make metric names follow Splunk schema
 
 ### Fixed
 

charts/splunk-connect-for-snmp/templates/worker/_helpers.tpl

@@ -152,6 +152,8 @@ Common labels
   value: {{ .Values.splunk.insecureSSL | default "false" | quote }}
 - name: SPLUNK_AGGREGATE_TRAPS_EVENTS
   value: {{ .Values.traps.aggregateTrapsEvents | default "false" | quote }}
+- name: SPLUNK_METRIC_NAME_HYPHEN_TO_UNDERSCORE
+  value: {{ .Values.poller.splunkMetricNameHyphenToUnderscore | default "false" | quote }}
 - name: SPLUNK_HEC_TOKEN
   valueFrom:
     secretKeyRef:

charts/splunk-connect-for-snmp/values.schema.json

@@ -353,6 +353,9 @@
         "metricsIndexingEnabled": {
           "type": "boolean"
         },
+        "splunkMetricNameHyphenToUnderscore": {
+          "type": "boolean"
+        },
         "pollBaseProfiles": {
           "type": "boolean"
         },

charts/splunk-connect-for-snmp/values.yaml

@@ -231,6 +231,10 @@ poller:
   # https://splunk.github.io/splunk-connect-for-snmp/main/microk8s/configuration/poller-configuration/#append-oid-index-part-to-the-metrics
   metricsIndexingEnabled: false
 
+  # Replace "-" in a mib name to "_" to make it compatible to Splunk metric schema
+  # https://help.splunk.com/en/splunk-enterprise/get-data-in/metrics/9.4/introduction-to-metrics/overview-of-metrics
+  splunkMetricNameHyphenToUnderscore: false
+
   # Enable polling base profiles (with IF-MIB and SNMPv2-MIB) from
   # https://github:com/splunk/splunk-connect-for-snmp/blob/main/splunk_connect_for_snmp/profiles/base.yaml
   pollBaseProfiles: true

docker_compose/.env

@@ -39,6 +39,7 @@ SPLUNK_HEC_INDEX_EVENTS=netops
 SPLUNK_HEC_INDEX_METRICS=netmetrics
 SPLUNK_HEC_PATH=/services/collector
 SPLUNK_AGGREGATE_TRAPS_EVENTS=false
+SPLUNK_METRIC_NAME_HYPHEN_TO_UNDERSCORE=false
 IGNORE_EMPTY_VARBINDS=false
 SPLUNK_LOG_INDEX=
 

docker_compose/docker-compose.yaml

@@ -22,6 +22,7 @@ x-splunk_extended_setup: &splunk_extended_setup
   SPLUNK_HEC_INDEX_EVENTS: ${SPLUNK_HEC_INDEX_EVENTS:-netops}
   SPLUNK_HEC_INDEX_METRICS: ${SPLUNK_HEC_INDEX_METRICS:-netmetrics}
   SPLUNK_AGGREGATE_TRAPS_EVENTS: ${SPLUNK_AGGREGATE_TRAPS_EVENTS:-false}
+  SPLUNK_METRIC_NAME_HYPHEN_TO_UNDERSCORE: ${SPLUNK_METRIC_NAME_HYPHEN_TO_UNDERSCORE:-false}
 
 x-workers_general_setup: &workers_general_setup
   SC4SNMP_VERSION: ${SC4SNMP_VERSION:-latest}

docs/dockercompose/5-traps-configuration.md

@@ -1,5 +1,5 @@
 
-Scheduler configuration is stored in the `traps-config.yaml` file. This file has the following sections:
+Traps configuration is stored in the `traps-config.yaml` file. This file has the following sections:
 
 ```yaml
 communities:

docs/dockercompose/6-env-file-configuration.md

@@ -45,36 +45,37 @@ Inside the directory with the docker compose files, there is a `.env`. Variables
 
 ## Splunk instance
 
-| Variable                            | Description                                                                                                                           |
-|-------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------| 
-| `SPLUNK_HEC_HOST`                   | IP address or a domain name of a Splunk instance to send data to                                                                      |
-| `SPLUNK_HEC_PROTOCOL`               | The protocol of the HEC endpoint: `https` or `http`                                                                                   |
-| `SPLUNK_HEC_PORT`                   | The port of the HEC endpoint                                                                                                          |
-| `SPLUNK_HEC_TOKEN`                  | Splunk HTTP Event Collector token                                                                                                     |
-| `SPLUNK_HEC_INSECURESSL`            | Whether to skip checking the certificate of the HEC endpoint when sending data over HTTPS                                             |
-| `SPLUNK_SOURCETYPE_TRAPS`           | Splunk sourcetype for trap events                                                                                                     |
-| `SPLUNK_SOURCETYPE_POLLING_EVENTS`  | Splunk sourcetype for non-metric polling events                                                                                       |
-| `SPLUNK_SOURCETYPE_POLLING_METRICS` | Splunk sourcetype for metric polling events                                                                                           |
-| `SPLUNK_HEC_INDEX_EVENTS`           | Name of the Splunk event index                                                                                                        |
-| `SPLUNK_HEC_INDEX_METRICS`          | Name of the Splunk metrics index                                                                                                      |
-| `SPLUNK_HEC_PATH`                   | Path for the HEC endpoint                                                                                                             |
-| `SPLUNK_AGGREGATE_TRAPS_EVENTS`     | When set to true makes traps events collected as one event inside splunk                                                              |
-| `IGNORE_EMPTY_VARBINDS`             | Details can be found in [empty snmp response message issue](../troubleshooting/polling-issues.md#empty-snmp-response-message-problem) |
-| `SPLUNK_LOG_INDEX`                  | Event index in Splunk where logs from docker containers would be sent                                                                 |
+| Variable                                  | Description                                                                                                                           |
+|-------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------| 
+| `SPLUNK_HEC_HOST`                         | IP address or a domain name of a Splunk instance to send data to                                                                      |
+| `SPLUNK_HEC_PROTOCOL`                     | The protocol of the HEC endpoint: `https` or `http`                                                                                   |
+| `SPLUNK_HEC_PORT`                         | The port of the HEC endpoint                                                                                                          |
+| `SPLUNK_HEC_TOKEN`                        | Splunk HTTP Event Collector token                                                                                                     |
+| `SPLUNK_HEC_INSECURESSL`                  | Whether to skip checking the certificate of the HEC endpoint when sending data over HTTPS                                             |
+| `SPLUNK_SOURCETYPE_TRAPS`                 | Splunk sourcetype for trap events                                                                                                     |
+| `SPLUNK_SOURCETYPE_POLLING_EVENTS`        | Splunk sourcetype for non-metric polling events                                                                                       |
+| `SPLUNK_SOURCETYPE_POLLING_METRICS`       | Splunk sourcetype for metric polling events                                                                                           |
+| `SPLUNK_HEC_INDEX_EVENTS`                 | Name of the Splunk event index                                                                                                        |
+| `SPLUNK_HEC_INDEX_METRICS`                | Name of the Splunk metrics index                                                                                                      |
+| `SPLUNK_HEC_PATH`                         | Path for the HEC endpoint                                                                                                             |
+| `SPLUNK_AGGREGATE_TRAPS_EVENTS`           | When set to true makes traps events collected as one event inside splunk                                                              |
+| `SPLUNK_METRIC_NAME_HYPHEN_TO_UNDERSCORE` | Replaces hyphens with underscores in generated metric names to ensure compatibility with Splunk's metric schema                       |
+| `IGNORE_EMPTY_VARBINDS`                   | Details can be found in [empty snmp response message issue](../troubleshooting/polling-issues.md#empty-snmp-response-message-problem) |
+| `SPLUNK_LOG_INDEX`                        | Event index in Splunk where logs from docker containers would be sent                                                                 |
 
 ## Workers
 
 ### General
-| Variable                     | Description                                                                                                                                          |
-|------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------| 
-| `WALK_RETRY_MAX_INTERVAL`    | Maximum time interval between walk attempts                                                                                                          |
-| `WALK_MAX_RETRIES`           | Maximum number of walk retries                                                                                                                       |
-| `METRICS_INDEXING_ENABLED`   | Details can be found in [append oid index part to the metrics](../microk8s/configuration/poller-configuration.md#append-oid-index-part-to-the-metrics)        |
-| `POLL_BASE_PROFILES`         | Enable polling base profiles (with IF-MIB and SNMPv2-MIB)                                                                                            |
-| `IGNORE_NOT_INCREASING_OIDS` | Ignoring `occurred: OID not increasing` issues for hosts specified in the array, ex: IGNORE_NOT_INCREASING_OIDS=127.0.0.1:164,127.0.0.6              |
-| `WORKER_LOG_LEVEL`           | Logging level of the workers, possible options: DEBUG, INFO, WARNING, ERROR, CRITICAL, or FATAL                                                      |
-| `UDP_CONNECTION_TIMEOUT`     | Timeout in seconds for SNMP operations                                                                                                               |
-| `MAX_OID_TO_PROCESS`         | Sometimes SNMP Agent cannot accept more than X OIDs per once, so if the error "TooBig" is visible in logs, decrease the number of MAX_OID_TO_PROCESS |
+| Variable                     | Description                                                                                                                                            |
+|------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------| 
+| `WALK_RETRY_MAX_INTERVAL`    | Maximum time interval between walk attempts                                                                                                            |
+| `WALK_MAX_RETRIES`           | Maximum number of walk retries                                                                                                                         |
+| `METRICS_INDEXING_ENABLED`   | Details can be found in [append oid index part to the metrics](../microk8s/configuration/poller-configuration.md#append-oid-index-part-to-the-metrics) |
+| `POLL_BASE_PROFILES`         | Enable polling base profiles (with IF-MIB and SNMPv2-MIB)                                                                                              |
+| `IGNORE_NOT_INCREASING_OIDS` | Ignoring `occurred: OID not increasing` issues for hosts specified in the array, ex: IGNORE_NOT_INCREASING_OIDS=127.0.0.1:164,127.0.0.6                |
+| `WORKER_LOG_LEVEL`           | Logging level of the workers, possible options: DEBUG, INFO, WARNING, ERROR, CRITICAL, or FATAL                                                        |
+| `UDP_CONNECTION_TIMEOUT`     | Timeout in seconds for SNMP operations                                                                                                                 |
+| `MAX_OID_TO_PROCESS`         | Sometimes SNMP Agent cannot accept more than X OIDs per once, so if the error "TooBig" is visible in logs, decrease the number of MAX_OID_TO_PROCESS   |
 
 ### Worker Poller
 | Variable                            | Description                                                                |

docs/microk8s/configuration/poller-configuration.md

@@ -99,6 +99,67 @@ out of this object:
 }
 ```
 
+### Replace "-" with "_" in metrics name
+
+There is a known issue with metric names that are not following the Splunk metric schema. Read more at [addressing metric naming](../../troubleshooting/general-issues.md#addressing-metric-naming-conflicts-for-splunk-integration).
+To ensure seamless compatibility and avoid potential issues, SC4SNMP provides a configuration option to automatically convert 
+hyphens in metric names to underscores.
+
+You can enable this conversion by setting the `splunkMetricNameHyphenToUnderscore` parameter to `true` within the `poller` section of your SC4SNMP configuration:
+
+```yaml
+poller:
+  splunkMetricNameHyphenToUnderscore: true
+```
+
+Enabling this option transforms metric names from their hyphenated format to an underscore-separated format, aligning them with common Splunk metric naming conventions.
+
+Before conversion (hyphens):
+
+```json
+{
+  "frequency": "60",
+  "ifAdminStatus": "up",
+  "ifAlias": "1",
+  "ifDescr": "GigabitEthernet1",
+  "ifIndex": "1",
+  "ifName": "Gi1",
+  "ifOperStatus": "up",
+  "ifPhysAddress": "0a:aa:ef:53:67:15",
+  "ifType": "ethernetCsmacd",
+  "metric_name:sc4snmp.IF-MIB.ifInDiscards": 0,
+  "metric_name:sc4snmp.IF-MIB.ifInErrors": 0,
+  "metric_name:sc4snmp.IF-MIB.ifInOctets": 1481605109,
+  "metric_name:sc4snmp.IF-MIB.ifOutDiscards": 0,
+  "metric_name:sc4snmp.IF-MIB.ifOutErrors": 0,
+  "metric_name:sc4snmp.IF-MIB.ifOutOctets": 3942570709,
+  "profiles": "TEST"
+}
+```
+
+After conversion (underscores):
+
+```json
+{
+  "frequency": "60",
+  "ifAdminStatus": "up",
+  "ifAlias": "1",
+  "ifDescr": "GigabitEthernet1",
+  "ifIndex": "1",
+  "ifName": "Gi1",
+  "ifOperStatus": "up",
+  "ifPhysAddress": "0a:aa:ef:53:67:15",
+  "ifType": "ethernetCsmacd",
+  "metric_name:sc4snmp.IF_MIB.ifInDiscards": 0,
+  "metric_name:sc4snmp.IF_MIB.ifInErrors": 0,
+  "metric_name:sc4snmp.IF_MIB.ifInOctets": 1481605109,
+  "metric_name:sc4snmp.IF_MIB.ifOutDiscards": 0,
+  "metric_name:sc4snmp.IF_MIB.ifOutErrors": 0,
+  "metric_name:sc4snmp.IF_MIB.ifOutOctets": 3942570709,
+  "profiles": "TEST"
+}
+```
+
 ### Disable automatic polling of base profiles
 
 There are [two profiles](https://github.com/splunk/splunk-connect-for-snmp/blob/main/splunk_connect_for_snmp/profiles/base.yaml) that are being polled by default, so that even without any configuration set up, you can see
@@ -109,7 +170,6 @@ poller:
   pollBaseProfiles: false
 ```
 
-
 ### Configure inventory 
 To update inventory, see [Update Inventory and Profile](#update-inventory).
 

docs/microk8s/configuration/values-params-description.md

@@ -92,14 +92,15 @@ Detailed documentation about configuring:
 
 Detailed documentation about configuring poller can be found in [Poller](poller-configuration.md).
 
-| Variable                 | Description                                                   | Default |
-|--------------------------|---------------------------------------------------------------|---------|
-| `metricsIndexingEnabled` | Appends OID indexes to metrics                                | `false` |
-| `pollBaseProfiles`       | Enables polling base profiles                                 | `true`  |
-| `maxOidToProcess`        | Maximum number of OIDs requested from SNMP Agent at once      | `70`    |
-| `usernameSecrets`        | List of kubernetes secrets name that will be used for polling |         |
-| `inventory`              | List of configuration for polling                             |         |
-| `logLevel`               | Log level for a poller pod                                    | `INFO`  |
+| Variable                             | Description                                                                                                     | Default |
+|--------------------------------------|-----------------------------------------------------------------------------------------------------------------|---------|
+| `metricsIndexingEnabled`             | Appends OID indexes to metrics                                                                                  | `false` |
+| `splunkMetricNameHyphenToUnderscore` | Replaces hyphens with underscores in generated metric names to ensure compatibility with Splunk's metric schema | `false` |
+| `pollBaseProfiles`                   | Enables polling base profiles                                                                                   | `true`  |
+| `maxOidToProcess`                    | Maximum number of OIDs requested from SNMP Agent at once                                                        | `70`    |
+| `usernameSecrets`                    | List of kubernetes secrets name that will be used for polling                                                   |         |
+| `inventory`                          | List of configuration for polling                                                                               |         |
+| `logLevel`                           | Log level for a poller pod                                                                                      | `INFO`  |
 
 ## Worker