Vinod HC
Reputation: 1627
Riemann + print an event/alert if it occurs more than 2 times in 5min
I am getting logs from logstash and sending messages which contains ERROR to riemann server.
logsash message : message" => "Jul 10 04:34:47 : [ERROR] [host] Sample abc123"
In riemann I need to write a logic to find if the same ERROR occurs more than 2 times for the same sample(i.e sample abc 123) in 5min then I have to alert /print on the console(currently I am trying to print to test)
below is my logic to achieve this, currently it prints only nil and not the message, can some one please help me here.
(by [:message]
;; over time windows of 5 seconds...
(fixed-time-window 5
;; calculate the average value of the metric and emit an average (summary) event
(combine folds/mean
;; collect the summary event over the last 3 fixed-time-windows
(moving-event-window 2
;;find the summary event with the minimum average metric
(combine folds/minimum
(where (> metric 2.0)
prn
;;(email "xyz")
)
)
)
)
)
)
(It prints message every 2sec, if I use just fixed-time-window and nothing else but I want to print only if same sample occurs 2times in 5min)
Riemann event for example:
:service "logstash",
:time 1468920656,
:state "critical",
:host "0.0.0.0",
:ttl nil,
:message "Jul 11 04:34:47 <hostname>: [ERROR] [xyz] - Sample abc123 causes problem for ...""
Upvotes: 2
Views: 232
Answers (0)
Related Questions
- Time interval in clojurescript using Klipse and Reagent going very (too) fast
- Making a simple countdown timer with Clojure/Reagent
- Counting riemann events in rate function
- ALerting in Riemann?
- How to compare event count value with previous time interval event
- Riemann aggerate some last 10 minutes event and alert error. Which use moving-time-window
- Timers in clojure?
- Count riemann events in given time window
- How to clear up Riemann index when a specific event has been received?
- Comparing event and adding new field in Riemann