1 comment

  • Avatar
    Ben Newton

    Absolutely. You can set up syslog source ( and point your statsd clients at it. The output looks like this:




    When you set up the source, make sure to force the timestamp ( to the servers timezone, since statsd doesnt timestamp its entries. 

    Since the format is straightforward, the keyword search comes in handy. For timings you can do something like:

    _sourceCategory=*statsd* _

    _| keyvalue regex "([a-z.]+?):(\d+?)|ms" "test.time" as test_time

    | timeslice by 1m

    | avg(test_time) by _timeslice


    Depending on how you use increment and decrement with statsd, sum can work very well:

    _sourceCategory=*statsd* _

    _| keyvalue regex "([a-z.]+?):(\d+?)|c" "site.logins" as logins

    | timeslice by 1m

    | sum(logins) by _timeslice

    Good luck!

    Comment actions Permalink

Please sign in to leave a comment.