Metrics rules allow organizations to make use of their own metrics structure when specifying metrics queries. A rule is an instruction for parsing an existing metric name so it becomes straightforward to apply Sumo Logic syntax when creating visualizations.
For example, assume that an organization collects the metrics
bytes-infrom instances in their production environment and that the organization’s metrics are named as follows:
The metric names follow these conventions (conventions for your organization might be different):
- The first three dot-separated entries represent the
- For CPU-related metrics, the last dot-separated entry represents the quantity being measured.
bytes-in, the last two entries together represent what’s being measured.
Metric rules provide a mechanism to make this organization structure manifest with a set of key-value pairs. The key-value tags are indexed along with the metric name, making it possible to search the metrics by tags.
Constructing metric rules
Suppose that the organization in the previous example wants to add the following tags for each of the metrics
instance are the second and third part of the metric name, and
what follows the third part. The following rule captures the tagging in a way that is consistent with the metrics naming conventions.
From: prod.*.*.** extract: cluster=$_raw._1 instance=$_raw._2 what=$_raw._3
In this example:
From indicates the source metric.
Extract indicates the matching criteria.
* wildcard matches one or more characters.
.) is a literal separator.
$_ indicates a value match.
3 reflect the order of the tags as they appear in the metrics.
The following table shows the result of applying the rule to a few of the metrics in the example.
|prod.search.server-1.cpu-load|| || || |
|prod.frontend.server-3.cpu-idle|| || || |
|prod.search.server-2.bytes_in/second.m15_rate|| || || |
|prod.search.server-2.bytes_in/second.m10_rate|| || || |
The tag values
bytes_in/second.m10_rate can be broken down further by adding a granularity tag:
From: what=bytes_in/second.m*_rate extract: what=bytes_in/second granularity=$what._1
The following table shows the tag values after applying this rule.
With this structure in mind, you can define metric rules, which then become available for selection on the Metrics page.