Log To Metrics

“Log To Metrics” is an InsightFinder feature that extracts meaningful metrics from raw logs. Those metrics can then be used for anomaly detection, root cause analysis and incident prediction.

Let's look at how it works.

1. You need a log project to stream raw log data into.

2. Create a custom metrics project to receive the specific metrics data extracted from the log project above.

3. Once you have the two projects, and data in the log project, go to the “Log To Metrics” section.

4. On the page, click “Add”. This opens a pop-up like the one below.

5. Set the JSON flag to “JSON” and select the metric project created in step 2. Choose between JSON and String based on your log format.

You can use system-defined metrics or user-defined ones.

For user-defined metrics, add a metric name, an instance name and filters as required to create metrics from the logs. The metric name should be one of the numeric fields in the log; it can be a regex. The instance name can be a combination of multiple log fields separated by ‘&&’. A filter is a log field followed by a value in regex format. For example:

Metric Name – TotalBytes

Instance Name – SourceIP&&Port

Filter – Port=^(443)$
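
How the example settings above select log entries, sketched in Python. This is an added example, not InsightFinder's code: the sample log lines are constructed, and the `timestamp` field, the `_` joiner for instance names and search-style regex matching are assumptions. It also shows why the filter is anchored: without `^` and `$`, port 8443 would pass the filter as well.

```python
import json
import re

# Constructed sample log lines; "timestamp" is an assumed field name.
SAMPLE_LOGS = [
    '{"timestamp": 1700000000, "SourceIP": "10.0.0.5", "Port": 443, "TotalBytes": 1520}',
    '{"timestamp": 1700000020, "SourceIP": "10.0.0.5", "Port": 8443, "TotalBytes": 900}',
    '{"timestamp": 1700000040, "SourceIP": "10.0.0.9", "Port": 443, "TotalBytes": "n/a"}',
    '{"timestamp": 1700000060, "SourceIP": "10.0.0.9", "Port": 443, "TotalBytes": 64}',
    "not a JSON line",
]

def parse_rule(metric_name, instance_name, filter_expr):
    """Turn the three settings into compiled regexes and a field list."""
    field, _, pattern = filter_expr.partition("=")
    return {
        "metric": re.compile(metric_name),
        "instance_fields": instance_name.split("&&"),
        "filter_field": field,
        "filter_regex": re.compile(pattern),
    }

def extract(lines, rule):
    """Return (timestamp, instance, metric, value) for entries passing the filter."""
    points = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # not JSON: nothing to extract
        needed = rule["instance_fields"] + [rule["filter_field"], "timestamp"]
        if not isinstance(entry, dict) or any(n not in entry for n in needed):
            continue
        # Assumption: the regex is searched within the value, so anchors matter.
        if not rule["filter_regex"].search(str(entry[rule["filter_field"]])):
            continue
        # Assumption: instance name parts are joined with "_".
        instance = "_".join(str(entry[f]) for f in rule["instance_fields"])
        for key, value in entry.items():
            numeric = isinstance(value, (int, float)) and not isinstance(value, bool)
            if numeric and rule["metric"].fullmatch(key):
                points.append((entry["timestamp"], instance, key, value))
    return points

if __name__ == "__main__":
    for filter_expr in ("Port=^(443)$", "Port=443"):
        rule = parse_rule("TotalBytes", "SourceIP&&Port", filter_expr)
        print(filter_expr, extract(SAMPLE_LOGS, rule))
```

The entry whose TotalBytes is not numeric produces no data point, which matches the requirement that the metric name be a numeric field.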

“Count by log entries” would simply get the “Count” for the specific field from the logs for each time interval.

“Count by metric value” would be useful to get the count of a specific field with a specific value from the logs for each time interval.

“Unique count by metric value” would get you the unique count of a specific field with a specific value from the logs for each time interval.

Once you have configured it, click OK. If you already have data in the log project, you need to re-run Log To Metrics from your log project's calendar view, as shown below.

After the re-run finishes, you will be able to see the metrics on the overall line chart page for your metrics project.