
Since we're already using Graylog (version 2.4.6) as a general purpose logging backend for our project, we thought we might as well also use it to monitor resource use. The three major benefits would be:

  1. No need to change our codebase to add additional libraries.
  2. Easy to create charts and graphs for the metrics we're tracking.
  3. Built-in notifications.

Concretely, we're trying to track how many jobs each of our various Beanstalk servers has in each of its tubes. If a given tube accumulates more than a certain number of jobs, we would like to be alerted.

Here's a typical message that we're using for a given tube:

$message = [
    "count" => $totalJobsInTube,  // jobs currently in the tube
    "tube"  => $tubeName,         // beanstalkd tube name
    "env"   => $env,              // e.g. "prod", "staging"
];

I can't think of a way to set up an alert condition in Graylog that allows me to specify a query + which field to look at. The only conditions we have are:

  • Field content alert condition
  • Field aggregation alert condition
  • Message count alert condition
  • Message conditional count alert condition

Can this even be done in Graylog?

rodrigo-silveira
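As an added example (not code from the question or the answer, and not a Graylog feature), the script below shows the two halves of the setup the question describes: turning a beanstalkd `stats-tube` reply into a GELF message carrying `count`, `tube` and `env` as custom fields, and then applying the per-tube threshold locally over a window of such messages, the way a stream rule (`tube` equals X, `env` equals Y) combined with a field aggregation on `count` would. The `stats-tube` output, the message list, the host name and the assumption that `count` means ready + reserved + delayed + buried jobs are all constructed here for illustration.

```python
"""Added example: beanstalkd stats-tube -> GELF message -> per-tube threshold check.

Not code from the original question or answer. The stats-tube reply and the
message window below are constructed samples; the host name is an assumption.
"""
import json
import socket
import time

# Constructed sample of what beanstalkd returns for `stats-tube emails`:
# an "OK <bytes>" line followed by a flat YAML document (keys trimmed).
SAMPLE_STATS_TUBE = (
    "OK 120\r\n"
    "---\n"
    "name: emails\n"
    "current-jobs-urgent: 0\n"
    "current-jobs-ready: 143\n"
    "current-jobs-reserved: 4\n"
    "current-jobs-delayed: 10\n"
    "current-jobs-buried: 2\n"
    "total-jobs: 9876\n"
)

# Constructed window of already-indexed messages (GELF custom fields keep the
# leading underscore). `timestamp` is seconds since the epoch.
SAMPLE_MESSAGES = [
    {"_tube": "emails", "_env": "prod", "_count": 40, "timestamp": 700.0},
    {"_tube": "emails", "_env": "prod", "_count": 159, "timestamp": 940.0},
    {"_tube": "emails", "_env": "staging", "_count": 500, "timestamp": 990.0},
    {"_tube": "thumbnails", "_env": "prod", "_count": 900, "timestamp": 995.0},
    {"_tube": "emails", "_env": "prod", "_count": 2000, "timestamp": 100.0},  # too old
]


def parse_stats_tube(raw):
    """Parse the flat YAML body of a stats-tube reply into a dict (ints where numeric)."""
    stats = {}
    for line in raw.splitlines():
        if line.startswith("OK") or line.strip() in ("---", ""):
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        stats[key.strip()] = int(value) if value.lstrip("-").isdigit() else value
    return stats


def total_jobs_in_tube(stats):
    """Assumption: 'count' = jobs not yet done (ready + reserved + delayed + buried)."""
    keys = ("current-jobs-ready", "current-jobs-reserved",
            "current-jobs-delayed", "current-jobs-buried")
    return sum(stats.get(k, 0) for k in keys)


def gelf_message(stats, env, host="worker-1", now=None):
    """Build a GELF 1.1 payload; custom fields must carry a leading underscore."""
    total = total_jobs_in_tube(stats)
    return {
        "version": "1.1",
        "host": host,  # assumed host name
        "short_message": "beanstalk tube %s has %d jobs" % (stats["name"], total),
        "timestamp": time.time() if now is None else now,
        "level": 6,  # informational
        "_count": total,
        "_tube": stats["name"],
        "_env": env,
    }


def encode_gelf_udp(payload):
    """Serialize a GELF payload for a single UDP datagram (GELF accepts plain JSON)."""
    return json.dumps(payload).encode("utf-8")


def send_gelf_udp(payload, graylog_host="127.0.0.1", port=12201):
    """Send one GELF datagram to a Graylog GELF UDP input (not called in tests)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(encode_gelf_udp(payload), (graylog_host, port))


def tube_alert(messages, tube, env, threshold, window_seconds, now):
    """Emulate: stream rule (_tube == tube, _env == env) + max(_count) over the
    last `window_seconds` > threshold. Returns (fired, peak_count)."""
    in_window = [
        m for m in messages
        if m["_tube"] == tube and m["_env"] == env
        and 0 <= now - m["timestamp"] <= window_seconds
    ]
    if not in_window:
        return False, None  # no data in the window: do not alert on silence
    peak = max(m["_count"] for m in in_window)
    return peak > threshold, peak


if __name__ == "__main__":
    stats = parse_stats_tube(SAMPLE_STATS_TUBE)
    print(encode_gelf_udp(gelf_message(stats, "prod", now=1000.0)).decode())
    print(tube_alert(SAMPLE_MESSAGES, "emails", "prod", 100, 300, now=1000.0))
```

Note the empty-window case: a tube that stops reporting yields no messages at all, so a check that only looks at the maximum of `count` will stay silent; a separate "no message in N minutes" condition is needed if that failure mode matters.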

1 Answer


Graylog uses Elasticsearch as a backend, which is not a good system for metrics (time series data): it's not efficient and doesn't scale well with time series data. This is the reason most people use another monitoring system for measuring resources and other time series data. It depends on your stack, but there are lots of open source and commercial offerings to do that.

If you wanted to do logs and metrics together, I would suggest using open source software; the Elastic Stack can do both, but that is only my recommendation if you have a limited number of metrics. Splunk and SumoLogic can also do logs and metrics, but they are not ideal for time series, especially large numbers of them.

Jonah Kowall