Custom metrics for log monitoring

You can create a metric to make your current analysis available for charting and API usage. Select the logs that you're interested in. Then use the query language to search for relevant text patterns inside the selected logs that can be used for your custom metric.

DESK monitors and examines both log files that remain on the host system and log files that are stored on the DESK server. A custom metric can be created only for monitored logs (log files that are stored on the DESK server). If you use Log Monitoring as an ad-hoc troubleshooting tool for a specific process or host, you will likely view host-specific logs that haven't been designated for monitoring (i.e., stored). As a result, the custom metric feature isn't available for such logs.

Create metric

You can create a custom metric that identifies pattern matches within the selected logs. When creating metrics, you need to be aware of what type of logs you expect the metric to appear in. Typical logs are based either on hosts or processes.

Custom devices

Creating a metric is possible only for logs that are based on hosts or processes. If your log selection includes a log that's based on a custom device, you have to unselect that log to create a metric.

When creating a custom metric, if your log selection includes both types of logs (host and process), you have to select only one type of log for this metric. By default, the log type with the most log entries is selected.

Change selection

If you change the log selection, make sure you click Display results to refresh the Create metric panel before creating the metric.

Enter the Metric name to have the Metric key for API usage generated automatically based on the metric name. You can modify this metric key. However, once created, the metric key can no longer be changed.

By default, top results limit is set to 100 and it is not configurable.

Metric options

Metrics can be used to create custom charts, create events for alerting, or to be accessed via API.

Create a custom chart

You can use this metric to create a custom chart. When creating a custom chart, select the new custom metric or other metrics related to the processes or hosts you want to monitor. Then select a chart type and aggregation types for the metrics you've selected. You can also make your custom chart tile appear on your dashboard.

See Create custom charts

API URL

Use the metric key for the API to receive either one aggregated data point per series or a list of data points per series.

See Metrics API - GET metric data points

To execute API requests, remember that you need to be authenticated.

See DESK API - Authentication

Manage metrics

Click Manage metrics to view all metrics, including the one you just created. On the Custom metrics overview page, you can examine the used quota and other details regarding the metric. You can also reach the Custom metrics overview page by navigating to Settings > Integration > Custom metrics overview. You can edit an existing metric using the DESK Configuration API. From the user profile menu in the top-right corner, navigate to Configuration API and select Log Monitoring metrics for further options:

To list all custom log metrics configured in your environment, use the GET all metrics API call.
To get the definition of the specified custom log metric, use the GET a metric API call.
To create a new custom metric, use the PUT a metric API call.
To delete the specified custom log metric definition, use DELETE a metric API call.

Example

Suppose you have a number of hosts that generate warnings in logs. Some of the warnings are expected and can be ignored. As a result, there are a number of acceptable warning entries, but you would like to know if the number of warnings increases. You have decided to create a warning metric for your host-generated logs and display a custom chart on your dashboard.

On the Log Monitoring page, click Analyze logs.

Search the log files for a text pattern, select the logs based on host, and then search for a text pattern using the DESK search query language.
For example, search for the warning text pattern.

Click Display results to view matching entries for the text pattern. A metric can now be created for this text pattern.

Click Create metric and give the new metric a meaningful name. We'll use os_warning in this example.

Click Create metric and Create a custom chart. This takes you to the Custom chart page.

Using the Custom chart page, you can filter the Log Monitoring category or just search for the metric you have created.
For example, enter os_warning in the Metric field.

After you have added the new metric to the custom chart, you can modify the look of the chart and add additional metrics.

See Create custom charts

Click Save changes to dashboard to display the chart with your new os_warning metric on a dashboard.

See Create custom dashboards

At this point, you should have a custom chart on your dashboard displaying your new metric. Remember that this new os_warning metric will increase only if any new instances of warning occur in the logs you have selected.