Hi,
I have created grok filters to analyse a number of custom application logs that are being sent to my log server instance.
I now wish to graph the values that are being logged, such that I can then create an alert in my XI instance if values fall outside of defined limits.
I can see that it's straightforward to graph the number of events that match a particular value, but I have been unable to determine how to graph the values.
For example, a log entry may contain a figure for a round trip time in mSec. This value is recalculated every minute by a number of different servers. I would like to see how the calculated value changes over time for each of the servers being monitored.
Thanks for your help.
graph event values rather than count of events
-
- Posts: 33
- Joined: Mon Mar 25, 2019 5:40 am
-
- Support Tech
- Posts: 3457
- Joined: Mon May 15, 2017 5:00 pm
Re: graph event values rather than count of events
Hello, @Chris Hardick. Most likely the log entry (mSec) that you want to graph is stored as a string by default.
You'd need a filter to parse out syntax and convert the string to a number. Do you have such a filter in place?
Please run this command and upload the /tmp/support.txt file in the thread:
Code:
curl -XGET 'http://localhost:9200/logstash-2019.03.29/_mapping?pretty' > /tmp/support.txt
+ Let me know the exact name of the field you want to monitor.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
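An added example, not part of the original posts: one way to read the saved `_mapping` output and confirm whether the field to be graphed is indexed as a number. The field names `rtt_ms` and `disk.free`, the type name `syslog` and the sample document are constructed for illustration.

```python
import json
import sys

NUMERIC = {"float", "double", "integer", "long", "short", "byte"}

# Constructed sample in the shape the _mapping API returns (names are made up).
SAMPLE = json.loads("""
{"logstash-2019.03.29": {"mappings": {"syslog": {"properties": {
  "@timestamp": {"type": "date", "format": "dateOptionalTime"},
  "host": {"type": "string"},
  "rtt_ms": {"type": "string"},
  "disk": {"properties": {"free": {"type": "float"}}}
}}}}}
""")

def walk(properties, prefix=""):
    """Yield (dotted_field_name, type) for every leaf under a 'properties' map."""
    for name, spec in properties.items():
        path = prefix + name
        if "properties" in spec:          # object field: recurse into sub-fields
            yield from walk(spec["properties"], path + ".")
        else:
            yield path, spec.get("type", "object")

def field_types(mapping):
    """Return {index: {doc_type: {field: type}}} for a _mapping response."""
    out = {}
    for index, body in mapping.items():
        for doc_type, spec in body.get("mappings", {}).items():
            out.setdefault(index, {})[doc_type] = dict(walk(spec.get("properties", {})))
    return out

def not_numeric(mapping, field):
    """List (index, doc_type, type) where `field` exists but is not numeric."""
    return [(i, t, f[field])
            for i, types in field_types(mapping).items()
            for t, f in types.items()
            if field in f and f[field] not in NUMERIC]

if __name__ == "__main__":
    data, field = SAMPLE, "rtt_ms"
    if len(sys.argv) > 2:                 # usage: script.py /tmp/support.txt FIELD
        with open(sys.argv[1]) as fh:
            data, field = json.load(fh), sys.argv[2]
    for index, doc_type, kind in not_numeric(data, field):
        print(f"{index}/{doc_type}: {field} is mapped as {kind}; cast it in the filter")
```

Elasticsearch keeps a field's type for the life of an index, so a cast added to the filter only shows up in indices created afterwards; check the mapping of the newest daily index.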
-
- Posts: 33
- Joined: Mon Mar 25, 2019 5:40 am
Re: graph event values rather than count of events
Hi. I am still getting to grips with CentOS and the VM, so I have had no luck in getting the created file out of the VM so that I can then upload it.
However, I did look at the information generated and noted that the field was a string. I have now changed this by varying the grok filter to cast the value as a float. Following some experimentation I can now graph the values in NagiosLS.
However, when I use XI to monitor the query, I can only access the number of events, rather than the values of events.
I have attached screenshots of the LS query and the XI query.
My aim is to be able to achieve a graph similar to that shown on LS within XI - though it will be of a different attribute, the diskfree is just example information that was readily available to see what was possible.
Thanks
-
- Support Tech
- Posts: 3457
- Joined: Mon May 15, 2017 5:00 pm
Re: graph event values rather than count of events
@Chris Hardick, I see. As of right now, it is not possible to build this kind of graph with the Log Server utilization component. The only type of query that is supported is the number of matching entries.