Graphite Source for Metrics

For installed Collectors, a Sumo Logic Graphite Source receives data in the Graphite format sent over a TCP or UDP socket.

The Graphite plaintext protocol follows this format:

<metric path> <metric value> <metric timestamp>

where <metric path> is a dot-separated string, <metric value> is any numeric value, and <metric timestamp> is a UNIX timestamp.

cluster-1.node-1.cpu-1.cpu-idle 97.29 1460061337

To configure a Graphite Source:

  1. Select Manage Data > Collection > Collection (Manage > Collection in the classic UI). 
  2. Find the name of the Installed Collector to which you'd like to add a Source and click Add > Add Source.
  3. Select Graphite for the Source type.
  4. Set the following:
  • Name. Enter the name you'd like to display for the new Source. Description is optional. Source name metadata is stored in a searchable field called _sourceName.
  • Protocol. Select the option that your Graphite-enabled devices are currently using to send syslog data (UDP or TCP).
  • Port. Enter the port number for the Source to listen to. The standard Graphite port is 2003. Make sure the devices are sending to the same port.
  • Source Category. Enter any string to tag the output collected from this Source with searchable metadata. For example, enter firewall to tag all entries from this Source in a field called _sourceCategory. Type _sourceCategory=firewall in the Search field to return results from this Source. For more information, see Metadata Naming Conventions.
  1. When you are finished configuring the Source, click Save.

You can return to this dialog box and edit the settings for the Source at any time.

Choosing TCP or UDP

When you configure a Graphite Source, you must choose a transfer protocol (TCP or UDP). If your Graphite-enabled devices have already been configured using TCP or UDP, choose the same protocol. If you are setting up your devices for the first time, we recommend TCP.

TCP includes a guaranteed delivery mechanism, meaning that all of your logs arrive at the Sumo Logic Collector software in order and without any dropped log messages. The trade-off is that TCP creates more network and CPU overhead than UDP. However, due to its reliability guarantee, TCP is the recommended protocol unless you have network and CPU utilization concerns that you need to work around due to an extremely high volume of log messages.

UDP is a streaming protocol that makes no guarantees of delivery, and as such, log messages may be dropped or arrive out of order. However, in return for this lack of guarantee, UDP does not create the same kind of network and CPU overhead that is created by the TCP protocol. In reality, in most networks, UDP is reliable enough for mission-critical use, however, there may be situations where network traffic storms might cause messages to be dropped or arrive out of order. If this is an unacceptable risk for you, then choose TCP.

Specifying the network interface for a Graphite Source

When configuring a Graphite Source on a computer with multiple network interfaces, you can specify which interface the Collector will bind to. This option is set in the file.

To specify the network interface:

  1. Configure the Graphite Source.
  2. Navigate to collector/config/ Open the file in a text editor.
  3. Add graphite.hostname=your_host_name where your_host_name identifies the network interface you'd like to use.
  4. Save and close the file.