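I have been trying to monitor the rate of all incoming logs in Logstash, but it looks like the metrics it takes are either inaccurate, or I am not understanding their use correctly. I get the current 1m rate of logs, but as you can see from the total count in the output below, I am processing about 400 logs every 5 seconds (when the metric is flushed), which is far more than the 50-60 shown for 1m (it eventually levels out at around 75/minute).
Am I doing something wrong, or am I just misunderstanding how the metrics work? Is there a way to determine how many logs I am processing per minute? The end goal is to be able to send an email alert when the number of logs reaches a certain threshold.
Some example output: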
Rate: 3.5552232445405796 (total: 21)
Rate: 55.24209377983976 (total: 3271)
Rate: 55.24209377983976 (total: 3604)
Rate: 56.150221820257926 (total: 3952)
Rate: 57.24159782479909 (total: 4297)
Rate: 58.29368557326007 (total: 4652)
Rate: 59.27764414700567 (total: 5002)
Rate: 60.086983034562124 (total: 5346)
Rate: 60.78363740637835 (total: 5736)
Rate: 62.17617287257932 (total: 6085)
Rate: 62.83371378453949 (total: 6425)
Rate: 63.21480498894082 (total: 6777)
Rate: 63.83727481327493 (total: 7126)
Rate: 64.37799246428055 (total: 7465)
Rate: 64.65160107994187 (total: 7815)
Rate: 64.99927986102034 (total: 8168)
Rate: 65.73492882556424 (total: 8523)
Rate: 66.02797173674145 (total: 8870)
Rate: 66.32956646456502 (total: 9202)
Rate: 66.4471358386394 (total: 9528)
Rate: 66.58728711873627 (total: 9902)
Rate: 67.05204597974938 (total: 10237)
In filter {}:
metrics {
  meter => "events"
  add_tag => "metric"
}
In output {}:
if "metric" in [tags] {
  if [events.rate_1m] >= 1 {
    stdout {
      codec => line {
        format => "Rate: %{events.rate_1m} (total: %{events.count})"
      }
    }
  }
}
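Added example, not part of the original question: the Logstash metrics filter documentation describes `rate_1m` as a per-second event rate over a one-minute sliding window, so a per-minute figure for alerting has to be derived separately. The Python code below parses output lines in the format shown above and derives events per minute from the `total` deltas; it assumes the 5-second flush interval mentioned in the question, and the function names and the threshold value are hypothetical.

```python
import re

# Constructed sample: four lines in the "Rate: ... (total: ...)" format above.
SAMPLE = """\
Rate: 55.24209377983976 (total: 3604)
Rate: 56.150221820257926 (total: 3952)
Rate: 57.24159782479909 (total: 4297)
Rate: 58.29368557326007 (total: 4652)
"""

LINE_RE = re.compile(r"Rate: (?P<rate>\d+(?:\.\d+)?) \(total: (?P<total>\d+)\)")
FLUSH_INTERVAL_S = 5  # assumption: the flush interval stated in the question


def parse(text):
    """Return [(rate_1m, total)] for each well-formed line; skip anything else."""
    samples = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            samples.append((float(m["rate"]), int(m["total"])))
    return samples


def throughput(samples, interval_s=FLUSH_INTERVAL_S):
    """Derive per-second and per-minute rates from consecutive count deltas."""
    rows = []
    for (_, prev), (rate, cur) in zip(samples, samples[1:]):
        delta = cur - prev
        if delta < 0:  # counter went backwards (pipeline restart): skip the pair
            continue
        rows.append({
            "delta": delta,
            "per_second": delta / interval_s,
            "per_minute": delta * 60 / interval_s,
            "rate_1m": rate,  # reported value, comparable to per_second
        })
    return rows


def over_threshold(samples, per_minute_limit, interval_s=FLUSH_INTERVAL_S):
    """Rows whose derived per-minute rate meets the (hypothetical) alert limit."""
    return [r for r in throughput(samples, interval_s)
            if r["per_minute"] >= per_minute_limit]


if __name__ == "__main__":
    for row in throughput(parse(SAMPLE)):
        print(row)
```
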