Skip to main content
Sumo Logic

Create Metric Rules

Use the metric rules editor to tag metrics with key-value pairs  to ease the process of querying metrics

This page has step-by-step instructions for creating a metric rule using the metric rules editor in the Sumo UI.

The purpose of metric rules is to make it easier to query metrics. You can use metric rules to tag metrics with data derived from the metric identifier. Then, you can use those tags in metric queries, alerts, and dashboard filters.

For a detailed discussion of metric rules, see About Metric Rules.  

To create a metric rule

  1. In the Sumo web app, go to Manage Data > Settings > Metric Rules.

    The Metric Rules page lists the metric rules that have already been defined.
    named-rule.png
  2. To add a new rule, click the plus sign (+) in the upper left of the Metric Rules page.

    The Add Metric Rule popup appears.
    add-metric-rule-empty.png
  3. In the Rule name field, enter a name for the new rule.

  4. In the Metric match expression field, enter one or more expressions that match the identifier of the metrics you want to tag. For example, this match expression:

    collectd.*.*.*.*

    matches Graphite strings in the _rawName field that begin with “collectd”, followed by four dot-separated segments. For example:

    collectd.cqsplitter.stag-cqsplitter-2.GenericJMX-health_jmx-memory.memory-heapmax

    And this match expression:

    _sourceCategory=training/shipping/metrics type=payment

    matches all metrics whose_sourceCategory field is "training/shipping/metrics" and type field is “payment”. The Time Series section of the page lists metrics that match the expression you entered. If no metrics are listed, edit your match expression until matching metrics appear.
    add-metric-rule-with-expression.png
  5. In the Define variables section of the page, for each tag you want to apply to matching metrics, enter a meaningful tag name in the Variable name field on the left. In the Tag sequence field, assign a variable to the tag. There are two different formats for specifying the Tag Sequence.
    • To pull a tag from a dot-delimited string in the metric's _rawName field, use $_1 to extract the first segment of the string,  $_2 to extract the second segment of the string, and so on.  For more information, see Extracting variables from a dot-delimited match expression, in "About Metric Rules".
    • To pull a tag from a dot-delimited string in metric field  other than _rawName field, use $_FieldName_1 to extract the first segment of the string,  $_FieldName_2 to extract the second segment of the string, and so on. For more information, see Extracting variables from a key-value pair match expression, in "About Metric Rules".
  6. Select a metric in the Time Series section to see the values that would be assigned to each extracted tag for the selected metric:

    The entries below show what values would be assigned to the selected metric given the specified Tag Sequences.
    variable-extracton.png
     
  7. Click Save to save your rule. There will be a brief delay, around five minutes, while Sumo re-indexes your metric data, applying the tags that you have specified. The following message appears:
    reindexing1.png

    While the reindexing is in progress, this message will remain at the bottom of the page:
    reindexing2.png

Metric Rules editor error messages

This section describes error messages that can be issued by the Metric Rules Editor.

Error Message Description
Rule $rule matches too many metrics: $count, the limit is $limit. Try narrowing down the selector.

(Where $rule is the string representation of the rule, $count is the number of metrics returned, and $limit is the maximum  number of matching metrics allowed.)
This message appears when you are creating a new metric rule, and too many metrics match the metric match expression. To resolve this error, enter a narrower match expression
Rule update from $oldRule to $newRule matches too many metrics: $count, the limit is $limit. Try narrowing down the selector.

(Where $oldRule is the string representation of the unmodified rule, $newRule is the string representation of the modified rule, $count is the number of metrics returned, and $limit is the maximum  number of matching metrics allowed.)
This message appears when you are updating an existing  metric rule, and too many metrics match the metric match expression. To resolve this error, enter a narrower match expression.
Rule name already exists. This message appears if you try to assign a name that is already assigned to a an existing rule to a different rule. To resolve this error, enter a different rule name.
Rule already exists. This message appears if you try to create a rule that has the same match expression and variable assignment(s) as an existing rule.
$field was needed but not extracted.

(Where $field is a variable that has not been extracted.)
This message appears if you refer to a variable that you have not extracted.
Rules specification field $field starts with underscore.

(Where $field is a variable.)
This message appears if the field name starts with underscore.
Duplicated extraction field. This message appears if you assign multiple values to the same field.