can searches generate metrics?
somewhat new to sumologic, but i see all sorts of alert-goodness when one has 'metrics' to work with.
i currently have logs to work with, but want to use the metric alert goodness on aggregates or derived metrics from the log data. is that possible?
for example, i'm logging call events with phone numbers and call dispositions, like "BUSY", "COMPLETE", "NO ANSWER".
i can extract the area code from the phone number, and do charting for something like STATUS BY AREACODE BY HOUR. you get the idea.
1:00 BUSY 207 16
1:00 BUSY 814 11
1:00 COMPLETE 207 28
1:00 COMPLETE 814 31
how can i treat the count column that comes back from that search as a metric, and then do metric-y stuff with it (critical thresholds, webhook alerts, etc.)?
want a metric like:
{"time":"1:00", "status":"BUSY", "areacode":"207", "value": "16"}
or something to that effect.
i understand the metric name / parameters will be dynamic (based on stuff in log), but i'd still like to do it and not have to use an integration to a tool like grafana to expose it like a time-series metric.
Official comment
Hi David,
We actually have a feature in beta called Logs-to-Metrics that will help you do this! If you're interested in trying that out, send us an email at beta-logs-to-metrics-group@sumologic.com with your organization's name and we'll get you started. Feel free to check out our beta documentation in the meantime as well.
Alternatively, you can use the log query language to create some charts over time based on those counts.
Thanks!
Brian
well, that looks exactly like what i am asking for! funny how that works.
i do hope that "parse regex field=<field>" is supported - it wasn't listed explicitly.
i'll send the email to get included in the beta.
i do already have charts based on those counts, but charts can only get you so far.