Hello,
we are testing at Graylog. Faced with the problem of visualizing some messages.
Example, we receive messages from our backup system:“Events: Eventid = {1003306} Occurrencetime = {6 Apr 2020 21:32:12} Eventseverity = {Information} Program = {JobManager} Description = {Backup job [265533] completed. Client [saps4prddb_HANA], Agent Type [SAP HANA], Subclient [default], Backup Level [Full], Objects [3], Failed [0], Duration [00:32:05], Total Size [168.80 GB], Media or Mount Path Used [[simpana] C:\DiskLibrary\Lib01].}”
I would like to build a line graph for each such message using the “Duration” parameter. Large deviations made it possible to determine that there are any problems with the disk subsystem or channel bandwidth. All attempts to build this chart in the dashboard were unsuccessful.What do I need to indicate in the metrics, rows, columns?
Will Graylog be able to solve this problem at all?
Hello,
Can’t anyone help me? I will try to detail the issue.I need to build a bar chart that would reflect the time the backup job was running at a point in time.
It should look something like this
one solution for this is to calculate the seconds as a single number (and not a date object) and build that chart out of this information. AFAIK it is not possible with eh currently given information in that duration field.
You can use this pipeline rule snippet for convert duration to seconds, and than create graph as @jan suggested.
rule "duration"
when
has_field("duration")
then
let parse_duration = regex("([0-9]+):([0-9]+):([0-9]+)", to_string($message.duration), ["hours", "minutes", "seconds"]);
let count_seconds = to_long(parse_duration["seconds"]);
let count_minutes = to_long(parse_duration["minutes"]) * 60;
let count_hours = to_long(parse_duration["hours"]) * 3600;
let duration_sec = count_seconds + count_minutes + count_hours;
set_field("duration_sec", to_long(duration_sec));
end
