Dashboard: it shows what users care about most.

They are all just “text” data, needed to be parsed/stored/indexed/aggregated and then fetched/searched/charted/analyzed.

Together, these represent the “status” of the target systems so that users can understand whether their systems are healthy or not, and if not, where the problem is and how to resolve it.

From the system’s perspective, there’s really no difference among these.

- events: patch applied, application new version deployed, external referral or promotion/campaign (causing traffic surge), security breach … etc.
- configs: system tunable, application settings … etc.
- states: cpu, memory, disk, network, performance metrics … etc.

I think “log” should be a generalized term, including at least:

For these actions, the slowest queries.

End My Thought Log Management System in General.

n lowest actions taking more than t sec.

Maximo logs: SessionId -> ActionId/time -> SqlId/time

Group (cross-source) events together (transitive or not) for further aggregation.

| sort 10 - time

Ingestion and Collectors

Advanced Query Functions

sessionize / transaction

- ui sessions’ correlations - group by action first then group by session, time rolled up.
- users and session - timesliced total user and session counts.
- top mbo count - top N mbo stats with sparkline and avg.
- slow query by app, object - sorted query stats (avg,min,max) grouped by (app,object).
- stacked memory available and used - timesliced avg memory used vs total
  Avg(eval(memory_available/1024/1024)) as avg_available,
  Avg(eval((memory_total - memory_available)/1024/1024)) as avg_used.
- memory available - host stats with sparkline, min, max, avg in table format.
- UI session > 150 - hosts having excessive UI sessions and timesliced.

| if (agent matches "*Linux*", "Linux", OS) as OS
| if (agent matches "*Win*", "Win", "0") as OS

Top operating systems sorted by unique visitors: * | extract "(?\S+?) 
| sum(size), count by src_ip, _timeslice, agent

(Others are mostly achieved using group-by.)

Daily unique visitors: * | parse using public/apache/access

- Top operating systems sorted by unique visitors.

Guidance and suggestion (common sense and learning)

A few scenarios require more than just search with simple aggregation/sort.

- Once a resolution is identified, the causality is learned.
- Easy navigation, ex/inclusion, comparison, annotation.
- In time, even better before the incidents.

Simple rules, advanced rules with states, really complex rules with lots of calculations …

Notification