Hi
Persona: operators and admins
Problem to solve: The Monitoring Connector Splunk brings a host template App-Monitoring-Splunk-Api-custom, which allows configuring a search request using the Query-Matches-Number template. This service returns the number of responses to the request. But there's no way, with this plugin, to get a value calculated by Splunk.
For instance: it'd be useful to monitor the ratio of Splunk scheduled requests skipped by the scheduler. A proper SPL request exists and returns a percentage (index=x blablabla | table skippedRatio). Since the service template counts the number of responses, the best one can do is to add a condition to the SPL request (index=x blablabla | table skippedRatio | where skippedRatio > y) so that it generates a response only when the threshold is crossed. It's a shame because the threshold is coded in the request and the returned value cannot be historized.
Expected outcome: a Query-Number-Value service template.
Potential solutions: Enrich the plugin to get back a pair {fieldName, fieldValue} as long output, and the value as short output. The fieldValue has to be a decimal number to be compared to the threshold. The essentials are likely already coded in the plugin, since it ends each request sent with a "|stats count".
It could probably also be achieved using the HTTP collection plugin, but enriching the Splunk plugin would probably be welcomed by the Centreon-Splunk community.
Thanks!
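A sketch of the value-based check proposed above, added here as an illustration and not part of the original post or of the Centreon plugin. It assumes the search results arrive as a JSON body with a `results` list (the sample below is constructed); `check_field_value` and its simple "greater than" thresholds are hypothetical.

```python
import json
import math

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABELS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL"}

# Constructed sample: one result row, field values carried as strings.
SAMPLE_RESULTS = '{"results": [{"skippedRatio": "12.5"}]}'


def check_field_value(results_json, field, warning, critical):
    """Return (exit_code, output_line) for a numeric field of the first row.

    Thresholds stay in the monitoring configuration instead of the SPL
    query, and the value is emitted as perfdata so it can be graphed.
    """
    try:
        rows = json.loads(results_json).get("results", [])
    except (ValueError, AttributeError):
        return UNKNOWN, "UNKNOWN: search results are not valid JSON"
    if not rows or not isinstance(rows[0], dict):
        return UNKNOWN, "UNKNOWN: query returned no result row"
    raw = rows[0].get(field)
    if raw is None:
        return UNKNOWN, f"UNKNOWN: field '{field}' missing from result"
    try:
        value = float(raw)
    except (TypeError, ValueError):
        value = math.nan
    if not math.isfinite(value):
        return UNKNOWN, f"UNKNOWN: field '{field}' is not a number: {raw!r}"

    # Simple high-water thresholds (assumption: higher is worse).
    if value > critical:
        state = CRITICAL
    elif value > warning:
        state = WARNING
    else:
        state = OK
    # Short output carries the {fieldName, fieldValue} pair; perfdata after "|".
    line = (f"{LABELS[state]}: {field} = {value:g} | "
            f"'{field}'={value:g};{warning:g};{critical:g}")
    return state, line


if __name__ == "__main__":
    code, output = check_field_value(SAMPLE_RESULTS, "skippedRatio", 10, 20)
    print(output)
    raise SystemExit(code)
```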