New to Graylog - need help with a pattern for an Event

Hi, I am new to Graylog.
I am setting up some basic alerts and it works fine, but I am confused about how to analyze Garbage Collection logs.
I want to create a “long GC time” alert:

Example:
2022-11-05T10:53:34.644+0100: 24.523: Total time for which application threads were stopped: 0.0958816 seconds, Stopping threads took: 0.0012330 seconds

If 0.0958816 is greater than or equal to 0.0200000, send out a warning event.

How do I do that?

Excuse me, my English is not good.
Thanks

Hi @Hardy ,
welcome to the Graylog Community!
In a first step, you will need to parse the log into machine-readable fields. I assume this prose text is in your field "message".
Create a Grok Pattern catching 0.0958816 in a field, e.g. t_stopped. Process it in a pipeline like here and use the function grok() to get the value.
If you have the value in its own field, you can search for it as written in the search query language.

http_response_code:>400
http_response_code:<400
http_response_code:>=400
http_response_code:<=400

Hi @Hardy,

In order to alert on this value exceeding a threshold, you will need to parse the event as @ihe mentioned, so you can isolate this value.

Once you have done that, you can configure an Event definition, using an Aggregation type event. Define your query and your time ranges, then go down to the aggregation section

Ignore the function drop-down, choose the correct parsed field from the second drop-down, select the evaluation >= and set the value to .0200000

Finish the definition and save the event. Once you have tested it and are satisfied that it is working properly, then go back and assign a notification if you want one.

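To show what the two answers above amount to end to end (a Grok pattern that isolates the pause duration into a field such as t_stopped, then a >= 0.02 threshold check on that field), here is an added example that is not from the thread or from Graylog itself. It runs offline: the Grok pattern is written out as it could be pasted into Graylog (the pattern name GC_STOPPED and the extra field names uptime and t_stopping are assumptions), and the same pattern is expressed as a plain regular expression so Python can apply it to constructed sample lines and report which ones would trigger the alert.

```python
import re

# Grok pattern as it could be registered in Graylog (name GC_STOPPED is assumed).
# t_stopped is the field name suggested in the thread; uptime/t_stopping are added here.
GROK_GC_STOPPED = (
    "%{TIMESTAMP_ISO8601:timestamp}: %{NUMBER:uptime}: "
    "Total time for which application threads were stopped: "
    "%{NUMBER:t_stopped} seconds, Stopping threads took: %{NUMBER:t_stopping} seconds"
)

# The same pattern as a plain regex so it can run without Graylog
# (Grok's TIMESTAMP_ISO8601 and NUMBER are themselves regex macros).
GC_STOPPED_RE = re.compile(
    r"(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?[+-]\d{4}): "
    r"(?P<uptime>\d+(?:\.\d+)?): "
    r"Total time for which application threads were stopped: "
    r"(?P<t_stopped>\d+(?:\.\d+)?) seconds, "
    r"Stopping threads took: (?P<t_stopping>\d+(?:\.\d+)?) seconds"
)

# Threshold from the question: 0.0200000 seconds.
LONG_GC_THRESHOLD = 0.02


def parse_gc_line(message):
    """Extract the fields from one GC pause line.

    Returns a dict with the numeric fields converted to float, or None when the
    line is not a "Total time for which application threads were stopped" line
    (other GC log lines must not produce a t_stopped field).
    """
    m = GC_STOPPED_RE.search(message)
    if not m:
        return None
    fields = m.groupdict()
    for key in ("uptime", "t_stopped", "t_stopping"):
        fields[key] = float(fields[key])
    return fields


def is_long_gc(fields, threshold=LONG_GC_THRESHOLD):
    """The evaluation the Event definition performs: t_stopped >= threshold."""
    return fields is not None and fields["t_stopped"] >= threshold


def find_long_gc_events(messages, threshold=LONG_GC_THRESHOLD):
    """Return (timestamp, t_stopped) for every line that would raise the warning."""
    hits = []
    for msg in messages:
        fields = parse_gc_line(msg)
        if is_long_gc(fields, threshold):
            hits.append((fields["timestamp"], fields["t_stopped"]))
    return hits


# Constructed sample messages: the line from the question, a short pause that
# stays under the threshold, and an unrelated GC line that must not match.
SAMPLE_MESSAGES = [
    "2022-11-05T10:53:34.644+0100: 24.523: Total time for which application threads "
    "were stopped: 0.0958816 seconds, Stopping threads took: 0.0012330 seconds",
    "2022-11-05T10:53:40.101+0100: 29.980: Total time for which application threads "
    "were stopped: 0.0051200 seconds, Stopping threads took: 0.0009100 seconds",
    "2022-11-05T10:53:41.000+0100: 30.879: [GC (Allocation Failure) 512M->128M(1024M), 0.0031 secs]",
]

if __name__ == "__main__":
    for ts, secs in find_long_gc_events(SAMPLE_MESSAGES):
        print(f"WARNING: long GC pause at {ts}: {secs} s (>= {LONG_GC_THRESHOLD} s)")
```

Inside Graylog the Python regex is not needed: the GROK_GC_STOPPED string goes into a custom Grok pattern, a pipeline rule applies it with grok(pattern: "%{GC_STOPPED}", value: to_string($message.message), only_named_captures: true) followed by set_fields(), and the aggregation Event definition then evaluates t_stopped >= 0.02 exactly as is_long_gc() does here. Keep the non-matching case in mind when testing: lines that are not pause lines simply get no t_stopped field and never count toward the alert.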

That sounds good.
I am in the process of creating a grok filter. I can’t say yet if it will work.
Thank you for the answers.

