Skip to main content
Sumo Logic

Collect Host Metrics for the Host Metrics App

This procedure explains how to collect metrics from a host machine and ingest them into Sumo Logic for metrics visualization.

Metric Types

Available metrics include:

  • CPU
  • Memory
  • TCP
  • Network
  • Disk

Host metrics are gathered by the open-source SIGAR library.

Prerequisites/Requirements

The Setup Wizard is the recommended method to begin streaming data for host metrics. The wizard also installs the Sumo Logic App for host metrics.

The following sections describe manual setup.

Configure a Collector

Configure an Installed Collector. Collectors can be installed on Linux, Windows, or Mac OS hosts.

Configure a Source

  1. Configure a Host Metrics Source. Choose Add Source and select Host Metrics as the source type.
  2. Configure the Source Fields as follows:
    1. Name. Required. Description is optional. The source name is stored in a searchable field called _sourceName.
    2. Source Host. Enter the host name of the machine from which the metrics will be collected.
    3. Source Category. Required. The Source Category metadata field is a fundamental building block to organize and label Sources. For details see Best Practices.
    4. Scan Interval. Select the frequency for the Source to scan for hostmetrics data. Selecting a short interval will increase the message volume and could cause your deployment to incur additional charges. The default is 1 minute.
    5. Metrics. Select check boxes for the metrics to collect. By default, all CPU and memory metrics are collected. Select the top level check box to select all metrics in that category. A blue checkmark icon icon_blue_checkmark.png indicates that the category is selected. To select individual metrics, click the right-facing arrow to expand the category and select the individual metrics. The icon changes to icon_blue_minus.png, as shown below.
  3. Click Save.

Available Metrics

The following tables list the available host metrics.

CPU Metrics

Metric

Units

Description

CPU_User

%

Total system cpu user time

CPU_Sys

%

Total system cpu kernel time

CPU_Nice

%

Total system cpu nice time

CPU_Idle

%

Total system cpu idle time

CPU_IOWait

%

Total system cpu IO wait time

CPU_Irq

%

Total system cpu time servicing interrupts

CPU_SoftIrq

%

Total system cpu time servicing softirqs

CPU_Stolen

%

Total system cpu involuntary wait time

CPU_LoadAvg_1min*

Average

System load average for past 1 minute

CPU_LoadAvg_5min*

Average

System load average for past 5 minutes

CPU_LoadAvg_15min*

Average

System load average for past 15 minutes

* Load averages are not available on Windows platform

Memory Metrics

Metric

Units

Description

Mem_Total

Bytes

Total amount of physical RAM

Mem_Free

Bytes

The amount of physical RAM left unused by the system

Mem_Used

Bytes

Total used system memory, calculated as 
MemTotal - MemFree

Mem_ActualFree

Bytes

Actual total free system memory calculated as:
Mem_Free + Buffers + Cached
Where
Buffers = The amount of physical RAM used for file buffers
Cached = The amount of physical RAM used as cache memory

Mem_ActualUsed

Bytes

Actual total used system memory

Mem_UsedPercent

%

Percent total used system memory

Mem_FreePercent

%

Percent total free system memory

Mem_PhysicalRam

Bytes

System random access memory

TCP Metrics

Metric

Units

Description

TCP_InboundTotal

Count

TCP inbound connection count

TCP_OutboundTotal

Count

TCP outbound connection count

TCP_Established

Count

TCP established connection count

TCP_Listen

Count

TCP listen connection count

TCP_Idle

Count

TCP idle connection count

TCP_Closing

Count

TCP closing connection count

TCP_CloseWait

Count

TCP close_wait connection count

TCP_Close

Count

TCP close connection count

TCP_TimeWait

Count

TCP time_wait connection count

Networking Metrics

These have one additional dimension:

  • Interface: Name of the network interface (example: eth0)

Networking metrics are cumulative, so you can use the rate operator to display these metrics as a rate per second

Example: metric=Net_InBytes Interface=eth0 | rate

Metric

Units

Description

Net_InPackets

Packets

Number of received packets

Net_OutPackets

Packets

Number of sent packets

Net_InBytes

Bytes

Number of received bytes

Net_OutBytes

Bytes

Number of sent bytes

Disk Metrics

Disk metrics have two additional dimensions:

  • DevName: Device name, such as the mount name (example: udev)
  • DirName: Directory name, such as the mount directory (example:  /dev)

Disk_Reads, Disk_Writes, Disk_ReadBytes, and Disk_WriteBytes are cumulative, so you can use the rate operator to display these metrics as a rate per second.

Example: metric=Disk_WriteBytes | rate

Metric

Units

Description

Disk_Reads

Operations

Number of physical disk reads

Disk_ReadBytes

Bytes

Number of physical disk bytes read

Disk_Writes

Operations

Number of physical disk writes

Disk_WriteBytes

Bytes

Number of physical disk bytes written

Disk_Queue

Operations

Number of disk queue operations

Disk_InodesAvailable*

Nodes

Number of free file nodes

Disk_Used

Bytes

Total used bytes on filesystem

Disk_Available

Bytes

Total available bytes on filesystem

* Disk_InodesAvailable is not available on Windows platform

Time Intervals

The time interval determines how frequently the Source is scanned for metrics data. The Web Application supports pre-specified time intervals (10 seconds, 15 seconds, 30 seconds, 1 minute, and 5 minutes).

You can also specify a time interval in JSON by using the interval parameter, as follows:

   "interval" : 60000

The JSON parameter is in milliseconds. We recommend 60 second (60000 ms) or longer granularity. Specifying a shorter interval will increase the message volume and could cause your deployment to incur additional charges.

AWS Metadata 

Collectors running on AWS EC2 instances can optionally collect AWS Metadata such as EC2 tags to make it easier to search for Host Metrics.  For more information, see AWS Metadata Source for Metrics.

Only one AWS Metadata Source for Metrics is required to collect EC2 tags from multiple hosts.