1
我一直在試圖監視logstash中所有傳入日誌的速率,但它看起來像所採取的度量標準不準確,或者我不能正確理解它們的使用。我獲得了當前1米的日誌率,但從下面的輸出總數中可以看出,我每5秒處理大約400個日誌(當度量刷新時),遠遠超過50-60顯示1米(最終達到75 /分鐘左右)。不準確的Logstash指標{}
我做錯了什麼或者我只是曲解如何度量指標的工作?有什麼方法可以確定我正在處理一個多少個日誌?最終目標是在日誌數量達到特定閾值時能夠發送電子郵件警報。
一些示例輸出:
Rate: 3.5552232445405796 (total: 21)
Rate: 55.24209377983976 (total: 3271)
Rate: 55.24209377983976 (total: 3604)
Rate: 56.150221820257926 (total: 3952)
Rate: 57.24159782479909 (total: 4297)
Rate: 58.29368557326007 (total: 4652)
Rate: 59.27764414700567 (total: 5002)
Rate: 60.086983034562124 (total: 5346)
Rate: 60.78363740637835 (total: 5736)
Rate: 62.17617287257932 (total: 6085)
Rate: 62.83371378453949 (total: 6425)
Rate: 63.21480498894082 (total: 6777)
Rate: 63.83727481327493 (total: 7126)
Rate: 64.37799246428055 (total: 7465)
Rate: 64.65160107994187 (total: 7815)
Rate: 64.99927986102034 (total: 8168)
Rate: 65.73492882556424 (total: 8523)
Rate: 66.02797173674145 (total: 8870)
Rate: 66.32956646456502 (total: 9202)
Rate: 66.4471358386394 (total: 9528)
Rate: 66.58728711873627 (total: 9902)
Rate: 67.05204597974938 (total: 10237)
在濾波器{}
metrics {
meter => "events"
add_tag => "metric"
}
在輸出{}
if "metric" in [tags] {
if [events.rate_1m] >= 1 {
stdout {
codec => line {
format => "Rate: %{events.rate_1m} (total: %{events.count})"
}
}
}
}
這會很有意義。謝謝! –