Skip to main content
Sumo Logic

Lab 17 - Identify Rate of Change

Similar to logs, metrics have  the usual operators (min, max, sum, count, avg). However, oftentimes, what you want to measure is change.

 

  1. In a new Metrics tab, add a query to search for a count of packets received in the last 60 minutes.

type=packets_received metric=count

  1. To find the difference between one data point and the next, edit your query to show the delta.

type=packets_received metric=count | delta

  1. However, to find the rate of change, in this case, packets received per second, edit your query to:

type=packets_received metric=count | rate

With this last query, you're able to determine if the rate at which packets are being received is increasing gradually or spiking quickly. Identifying an outlier on a rate of change is a better indicator of an impending problem.  

Image of metrics view