Metrics Ingest Data Volume Index

The Metrics Data Volume Index is populated with a set of index messages every five minutes. The messages contain information on how much metrics (by data points) your account is ingesting. Each index message includes information based on one of the following Index Source Categories.

Index Log Type Index Source Category
Collector collector_metrics_volume
Source source_metrics_volume
SourceName sourcename_metrics_volume
SourceCategory sourcecategory_metrics_volume
SourceHost sourcehost_metrics_volume

Message Format

The Metrics Data Volume Index messages are JSON formatted messages that contain parent objects for each source data point, and child objects that detail the data points for each parent.

For example, a single message for the Collector volume data may look similar to the following, with collector_X representing the Collector names. The data points values are the aggregated volume for a five minute time period.



Metrics Volume for each category

This example query returns the metrics volume for each Source Category.

_index=sumologic_volume _sourceCategory=sourcecategory_metrics_volume
| parse regex "\"(?<sourcecategory>(?:[^\"]+)|(?:\"\"))\"\:\{\"dataPoints\"\:(?<dp>\d+)\}" multi
| sum(dp) as dp by sourcecategory

Example results:

Volume for each Collector

This example query will return the metrics volume for each Collector.

_index=sumologic_volume _sourceCategory=collector_metrics_volume
| parse regex "\"(?<collector>(?:[^\"]+)|(?:\"\"))\"\:\{\"dataPoints\"\:(?<dp>\d+)\}" multi
| sum(dp) as dp by collector

Example results:

Volume for a specific Collector

The following query returns the metrics volume for a specific Collector. The Collector name can be supplied within a JSON operation to get the child objects for that Collector.

_index=sumologic_volume _sourceCategory=collector_metrics_volume 
| json "nite-receiver-1" as collector_json
| json field=collector_json "dataPoints" as dp
| sum(dp) as dp
| fields dp