Comments

1 comment

  • Avatar
    Ben Newton

    Absolutely. You can set up syslog source (https://service.sumologic.com/ui/help/Default.htm#Configuring_a_Syslog_Source.htm) and point your statsd clients at it. The output looks like this:

    some.count|1|c

    some.timing|100|ms

     

    When you set up the source, make sure to force the timestamp (https://service.sumologic.com/ui/help/Default.htm#Understanding_Time_Stamps.htm) to the servers timezone, since statsd doesnt timestamp its entries. 

    Since the format is straightforward, the keyword search comes in handy. For timings you can do something like:

    _sourceCategory=*statsd* _

    _| keyvalue regex "([a-z.]+?):(\d+?)|ms" "test.time" as test_time


    | timeslice by 1m

    | avg(test_time) by _timeslice

     

    Depending on how you use increment and decrement with statsd, sum can work very well:

    _sourceCategory=*statsd* _

    _| keyvalue regex "([a-z.]+?):(\d+?)|c" "site.logins" as logins


    | timeslice by 1m

    | sum(logins) by _timeslice

    Good luck!

Please sign in to leave a comment.