Skip to main content

Host Metrics Source

An installed Sumo Logic Collector can collect host metrics pertaining to the local host. The metrics are ingested and become available for metrics visualization. The host metrics are gathered by the open-source SIGAR library

This topic describes how to set up a host metrics Source, and lists the metrics that are collected, and the relevant time intervals. See JSON Parameters for Installed Sources for a list of JSON parameters for this Source.


Host Metrics are available on Collector versions 19.155 and later.

You'll need an installed Collector to set up a host metrics Source. See Installed Collectors for instructions on installing Collectors. After your Collector and Sources are installed, you can install the Host Metrics App with preconfigured searches and Dashboards, to analyze your metrics data.

Permission Requirements

When not using a root or administrator user you need to provide the necessary permissions for the Collector to gain access to your host's metrics data.

  • Linux metrics are fetched from the /proc directory, so a non-root user needs read permission in this directory (and its subdirectories) to collect host metrics.
  • Windows needs the user to be added to the "Performance Monitor Users" local group.

Host Metrics Source on EC2 instances

A host metric source running on an Installed Collector on an AWS EC2 instances will automatically apply the following EC2 tags to the metric it collects:

  • InstanceID
  • Instance type
  • Availability Zone
  • Region
  • AccountID 

Manually Configure a Host Metrics Source

  1. In Sumo Logic select Manage Data > Collection > Collection.

  2. Find the name of the installed collector to which you'd like to add a source. Click Add and then choose Add Source.


  3. Select Host Metrics as the source type.


  4. Set the following:

    • Name. Enter the name you'd like to display for the new Source. Description is optional. Source name metadata is stored in a searchable field called _sourceCategory.

    • Source Host. Enter the host name of the machine from which the metrics will be collected.

    • Source Category. Enter any string to tag the output collected from this Source with searchable metadata. For example, enter firewall to tag all entries from this Source in a field called _sourceCategory. Type _sourceCategory=firewall in the Search field to return results from this Source. For more information, see Metadata Naming Conventions.

    • Fields. Click the +Add Field link to add custom metric metadata. Define the fields you want to associate, providing a name (key) and value for each.

    • Scan Interval. Select the frequency for the Source to scan for host metrics data. Selecting a short interval will increase the message volume and could cause your deployment to incur additional charges. The default is 1 minute.

    • Metrics. Select check boxes for the metrics to collect. By default, all CPU and memory metrics are collected.

      • Select the top level check box to select all metrics in that category. A blue checkmark icon check indicates that the category is selected.
      • To select individual metrics, click the right-facing arrow to expand the category and select the individual metrics. The icon changes to minus , as shown in the screenshot.


  5. When you are finished configuring the Source, click Save.

Collected Metrics

The following tables list the available host metrics.

CPU Metrics

CPU_User%Total system cpu user time
CPU_Sys%Total system cpu kernel time
CPU_Nice%Total system cpu nice time
CPU_Idle%Total system cpu idle time
CPU_IOWait%Total system cpu IO wait time
CPU_Irq%Total system cpu time servicing interrupts
CPU_SoftIrq%Total system cpu time servicing softirqs
CPU_Stolen%Total system cpu involuntary wait time
CPU_LoadAvg_1min*AverageSystem load average for past 1 minute
CPU_LoadAvg_5min*AverageSystem load average for past 5 minutes
CPU_LoadAvg_15min*AverageSystem load average for past 15 minutes
CPU_Total%Total system CPU usage time

Load averages are not available on Windows platform

Memory Metrics

Mem_TotalBytesTotal amount of physical RAM
Mem_FreeBytesThe amount of physical RAM left unused by the system
Mem_UsedBytesTotal used system memory, calculated as
MemTotal - MemFree
This metric includes the space allocated in buffers and in the Page Cache, which can make it appear that a larger portion of physical RAM is being consumed than is actually in use.
Mem_ActualFreeBytesActual total free system memory calculated as:
Mem_Free + Buffers + Cached
Buffers - The amount of physical RAM used for file buffers
Cached - The amount of physical RAM used as cache memory
Mem_ActualUsedBytesActual total used system memory calculated as:
Mem_Total - Mem_Actual_Free
This metric better represents the amount of physical RAM in use than Mem_Used.
Mem_UsedPercent%Percent total used system memory calculated as:
(Mem_Total - Mem_Actual_Free) / Mem_total
Mem_FreePercent%Percent total free system memory
Mem_PhysicalRamBytesSystem random access memory

TCP Metrics

TCP_InboundTotalCountTCP inbound connection count
TCP_OutboundTotalCountTCP outbound connection count
TCP_EstablishedCountTCP established connection count
TCP_ListenCountTCP listen connection count
TCP_IdleCountTCP idle connection count
TCP_ClosingCountTCP closing connection count
TCP_CloseWaitCountTCP close_wait connection count
TCP_CloseCountTCP close connection count
TCP_TimeWaitCountTCP time_wait connection count

Networking Metrics

These have two additional dimensions:

  • Interface: Name of the network interface (example: eth0)
  • Description: Description of the network interface (example: Dual Band Wireless-AC 8265)

Networking metrics are cumulative, so you can use the rate operator to display these metrics as a rate per second

Example: metric=Net_InBytes Interface=eth0 | rate

Net_InPacketsPacketsNumber of received packets
Net_OutPacketsPacketsNumber of sent packets
Net_InBytesBytesNumber of received bytes
Net_OutBytesBytesNumber of sent bytes

Disk Metrics

Disk metrics have two additional dimensions:

  • DevName: Device name, such as the mount name (example: udev)
  • DirName: Directory name, such as the mount directory (example:  /dev)

Disk_ReadsDisk_WritesDisk_ReadBytes, and Disk_WriteBytes are cumulative, so you can use the rate operator to display these metrics as a rate per second.

Example: metric=Disk_WriteBytes | rate

Disk_ReadsOperationsNumber of physical disk reads
Disk_ReadBytesBytesNumber of physical disk bytes read
Disk_WritesOperationsNumber of physical disk writes
Disk_WriteBytesBytesNumber of physical disk bytes written
Disk_QueueOperationsNumber of disk queue operations
Disk_InodesAvailable*NodesNumber of free file nodes
Disk_UsedBytesTotal used bytes on filesystem
Disk_UsedPercent%Percentage of filesystem space used
Disk_AvailableBytesTotal available bytes on filesystem

Disk_InodesAvailable is not available on Windows platform

Time Intervals

The time interval determines how frequently the Source is scanned for metrics data. Sumo Logic supports pre-specified time intervals (10 seconds, 15 seconds, 30 seconds, 1 minute, and 5 minutes).

You can also specify a time interval in JSON by using the interval parameter, as follows:

"interval" : 60000

The JSON parameter is in milliseconds. We recommend 60 seconds (60000 ms) or longer granularity. Specifying a shorter interval will increase the message volume and could cause your deployment to incur additional charges.

AWS Metadata

Collectors running on AWS EC2 instances can optionally collect AWS Metadata such as EC2 tags to make it easier to search for Host Metrics.  For more information, see AWS Metadata Source for Metrics.

Only one AWS Metadata Source for Metrics is required to collect EC2 tags from multiple hosts.

Sumo Logic YouTubeSumo Logic Twitter
Privacy Statement
Terms of Use

Copyright © 2022 by Sumo Logic, Inc.