Sumo Logic

Lab 3 - Examine an existing dashboard and query using metadata

Learn about our new Dashboards (Beta), learn how to edit existing dashboards, and create new ones that can be stack linked for future investigations.

Getting Started

With the out-of-the-box dashboards installed with our Kubernetes app, the Explore view lets us traverse the hierarchy and do cross-signal correlation across the Kubernetes environment. In this lab, you will become familiar with our new Dashboards (New), learn how to edit existing dashboards, and search for information using metadata.

Examine an existing dashboard

Dashboard (New) is a unique framework that allows you to view logs and metrics data on the same dashboard in an integrated and seamless view. This gives you the same control over how your metrics and log data are visualized. 

  1. First let’s open an Explore tab. On the Home page, click +New.

  2. Select Explore.

  3. Change your view to the deployment view: under Explore By, click Kubernetes Service View.

  4. Select Kubernetes Deployment View.

  5. Let’s navigate down to a particular dashboard, click 

  6. Click prod-loggen.

    Notice that as you clicked through the Explore left navigation pane, the dashboards have been changing. Let's find out why this happens.

  7. To take a look at our Google apps deployment dashboard, click googleapps.


  8. At the top of the dashboard, there is a grayed-out section under the dashboard's name. You will see cluster, namespace prod-loggen, and deployment googleapps. This section captures and displays the path you traversed in the hierarchy using the left navigation pane.


    These are all key-value pairs (aka metadata) that have been passed to the Dashboard (New), acting as filters that control what the dashboard displays. Our Dashboards (New) are completely customizable to whatever key-value pairs you would like to use as filters. You can even trigger off of your own metadata.

  9. Click the lower details icon at the top right of the dashboard and select Open in Dashboards (New).


    The dashboard we had just navigated to, called Kubernetes - Deployment Overview, will open in a Dashboard (New) tab. This is how you open an existing dashboard.


  10. From here you can make edits to the dashboard. Hover (or click) in Pods Running and select the 3 details icon at the top right of the panel, click Open in Metrics.

  11. This is the underlying query used to generate the panel. If desired, you can make edits to existing panels and save. For more information, see lab Part 5: Modify your dashboard.

Searching using the Structured Query Builder in Dashboards (New)

Now that you are familiar with the concept of examining a Dashboard (New), let’s use metrics to search for Kubernetes information.

  1. To open a new Dashboard (New), on the Home page, click + New.
  2. Select Dashboard from the drop-down list.
  3. Now let’s add a time series panel. Click Add Panel and select Honeycomb.


    1. You have the option of selecting either Logs or Metrics. To get to metrics, click Logs and select Metrics.

  4. Let's search for the CPU usage per node for our cluster using the Structured Query Builder. At the metrics window, inside the Structured Query Builder section at the top, you will see a From. In the From, enter Notice the look ahead will try to find what you are looking for. This applies the Kubernetes metadata to specifically request a cluster that you will run a search upon.


  5. Use the Structured Query Builder again to specify the metric for CPU usage per node. In the get metric, enter node_cpu_utlisation:avg1m

  6. In the Preview Table you will see any queries that matched your request.

  7. Click on the Chart tab. You will see the visual showing the pods that contained the metric within that cluster.


  8. What if you wanted to create a new query builder line? At the right end of the Metrics query, click the plus sign. This will add a query builder line for you.
  9. You again have the option to select either Metrics or Logs for your query builder. To toggle back to Logs, click Metrics and select Logs.
  10. Now you have a Logs query builder line available to modify as needed.
  11. What if you wanted to customize the honeycomb visual to be circles and reflect your desired thresholds? Open a new Dashboard (New): click +New, then select Honeycomb.
  12. You can use errors as a keyword to filter incoming logs that contain the keyword error, and then aggregate by counting by source host. Enter this query, set the time range to the last 60 minutes, and press Enter to execute.

errors | count by _sourceHost


  13. You may change the shapes to circles: using the drop-down, click Shape, then click Circle. Then select the threshold levels you prefer. Here green is anything below the value of 300, and red is above the value of 501. You may need to hover over each circle to see its value and choose appropriate cutoffs.
  14. What if you want to save this chart to a new dashboard? At the top right, click Add Dashboard.



  15. A Dashboard (New) tab will open displaying this chart as a panel in a new dashboard. By default, the title of the dashboard is time stamped.


  16. You may click and change the title to <your name>lab3 and then click to save the new title. We will learn how to add more panels in the next lab.
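
As an added example (not part of the original lab), the keyword search from the steps above can be scoped with the metadata path shown in the Explore view and carry the honeycomb cutoffs as a computed field, so the same triage works in a plain log search. It goes beyond the lab step by adding the scope. It assumes your Kubernetes collection attaches cluster, namespace and deployment as log fields; `<your-cluster>` is a placeholder because the lab does not give the cluster name, and `level` and `between` are names chosen for this example.

```sumo
// Added example, not from the lab. Run with the time range set to Last 60 Minutes.
// Scope: the key-value pairs (metadata) from the Explore path, then the keyword.
// Assumption: cluster, namespace and deployment are available as log fields.
// <your-cluster> is a placeholder; the lab does not name the cluster.
cluster=<your-cluster> namespace=prod-loggen deployment=googleapps errors
// Same aggregation as the lab query: one row per source host.
| count by _sourceHost
// Mirror the honeycomb thresholds: below 300 is green, above 501 is red.
// "level" and "between" are hypothetical names used only in this example.
| if(_count > 501, "red", if(_count < 300, "green", "between")) as level
| sort by _count
```

Removing the three metadata terms from the first line gives back the unscoped search used in the lab.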


Quiz (True or False?)

  1. Traversing the hierarchy on the left of the Explore tab displays different dashboards which come out-of-the-box configured for Kubernetes components.  

  2. I can’t display logs, metrics, and events all in one Explore tab.


Congratulations! You’ve completed these tasks in Part 3 of the Kubernetes Hands-on Labs:

  1. Analyzed an existing Kubernetes dashboard.
  2. Used the Structured Query Builder in Dashboard (New).
  3. Learned how to chart in Dashboard (New).
  4. Learned how to save a chart to Dashboard (New).