diff --git a/alert-policies/nr-logs-summary/logging-nrintegration-errors.yml b/alert-policies/nr-logs-summary/logging-nrintegration-errors.yml new file mode 100644 index 0000000000..d6fa2d41f3 --- /dev/null +++ b/alert-policies/nr-logs-summary/logging-nrintegration-errors.yml @@ -0,0 +1,31 @@ +name: Logging NrIntegration Errors +description: |+ + This alert is triggered when the number of Logging NrIntegrationErrors exceeds 0. + +type: STATIC +nrql: + query: "SELECT count(*) FROM NrIntegrationError WHERE newRelicFeature = 'Logs' FACET message" + +valueFunction: SINGLE_VALUE +terms: + - priority: CRITICAL + operator: ABOVE + threshold: 0 + thresholdDuration: 300 + thresholdOccurrences: ALL + +expiration: + closeViolationsOnExpiration: false + openViolationOnExpiration: false + expirationDuration: null + +signal: + aggregationDelay: 120 + aggregationMethod: EVENT_FLOW + aggregationTimer: null + aggregationWindow: 60 + fillOption: NONE + fillValue: null + slideBy: null + +violationTimeLimitSeconds: 86400 diff --git a/dashboards/nr-logs-summary/nr-logs-summary-apm.png b/dashboards/nr-logs-summary/nr-logs-summary-apm.png new file mode 100644 index 0000000000..c2c2bbebcd Binary files /dev/null and b/dashboards/nr-logs-summary/nr-logs-summary-apm.png differ diff --git a/dashboards/nr-logs-summary/nr-logs-summary-attributes.png b/dashboards/nr-logs-summary/nr-logs-summary-attributes.png new file mode 100644 index 0000000000..a2d284e90c Binary files /dev/null and b/dashboards/nr-logs-summary/nr-logs-summary-attributes.png differ diff --git a/dashboards/nr-logs-summary/nr-logs-summary-errors.png b/dashboards/nr-logs-summary/nr-logs-summary-errors.png new file mode 100644 index 0000000000..18743247f4 Binary files /dev/null and b/dashboards/nr-logs-summary/nr-logs-summary-errors.png differ diff --git a/dashboards/nr-logs-summary/nr-logs-summary-ingest.png b/dashboards/nr-logs-summary/nr-logs-summary-ingest.png new file mode 100644 index 0000000000..2fdca2e15d Binary files /dev/null and b/dashboards/nr-logs-summary/nr-logs-summary-ingest.png differ diff --git a/dashboards/nr-logs-summary/nr-logs-summary.json b/dashboards/nr-logs-summary/nr-logs-summary.json new file mode 100644 index 0000000000..adccb369aa --- /dev/null +++ b/dashboards/nr-logs-summary/nr-logs-summary.json @@ -0,0 +1,1696 @@ +{ + "name": "New Relic Logs Summary", + "description": null, + "pages": [ + { + "name": "Log Ingestion Details", + "description": null, + "widgets": [ + { + "title": "", + "layout": { + "column": 1, + "row": 1, + "width": 3, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.markdown" + }, + "rawConfiguration": { + "text": "![New Relic](https://cdn.bfldr.com/UP6M13EZ/at/cj73bqch9n9jbtkr49fb6x2s/NR_logo_HZ_3-COLOR.eps?auto=webp&format=png)\n# New Relic Log Ingestion Details\n\n* Ingestion Rates, Partition Size, Total Logs\n\n*THE DETAILS IN THIS DASHBOARD ARE ESTIMATES, THE [DATA MANAGEMENT HUB](https://one.newrelic.com/launcher/data-management-nerdlets.data-management-launcher) SHOULD BE USED TO VIEW OFFICIAL INGESTION RATES*\n" + } + }, + { + "title": "", + "layout": { + "column": 4, + "row": 1, + "width": 3, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.markdown" + }, + "rawConfiguration": { + "text": "## New Relic Logs Summary Dashboard \n\n### What information does this dashboard provide?\n1. Estimates on overall ingestion by partition, along with ingest estimates based on various attributes for log type, source, etc.\n2. Breakdown of attributes\n3. APM Logs\n4. Logging related NRIntegration errors\n\n\n#### See the ACTION REQUIRED details --->\nAfter you update the dashboard template variables for partition names and cost per GB you can remove these 3 markdown panels/widgets and customize to your liking." + } + }, + { + "title": "", + "layout": { + "column": 7, + "row": 1, + "width": 3, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.markdown" + }, + "rawConfiguration": { + "text": "# ACTION REQUIRED: \n\n## Edit the *Select Log Partition* Dashboard Variable\n\n1. In [Logs UI](https://one.newrelic.com/launcher/logger.log-launcher), from **Views and partitions -> Select Partitions >** OR **Manage data -> Data Partitions**\n2. Click on `Edit` (pencil icon in upper left) in this dashboard, then click the `Select Log Partition` variable drop down to edit the variable.\n3. Create a comma separated list of all partition names and paste into variable configuration." + } + }, + { + "title": "", + "layout": { + "column": 10, + "row": 1, + "width": 3, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.markdown" + }, + "rawConfiguration": { + "text": "# ACTION REQUIRED: \n\n## Edit the *Cost per GB* Dashboard Variable\n1. Click on `Edit` (pencil icon in upper left) in this dashboard, then click the `Cost per GB` variable drop down to edit the variable.\n2. Update the value available for selection based on your contracted cost per GB of data ingest.\n3. Make it the default value for the variable." + } + }, + { + "title": "Total Logs Ingested", + "layout": { + "column": 1, + "row": 4, + "width": 3, + "height": 2 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT bytecountestimate()/10e8 AS 'Total Logs GB' from {{partition_name}} since 1 hour ago COMPARE WITH 1 week ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Total APM Agent Logs Ingested", + "layout": { + "column": 4, + "row": 4, + "width": 3, + "height": 2 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT bytecountestimate()/10e8 AS 'APM Logs GB' from {{partition_name}} WHERE newrelic.source='logs.APM' since 1 hour ago COMPARE WITH 1 week ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Total Logs", + "layout": { + "column": 7, + "row": 4, + "width": 2, + "height": 2 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "FROM {{partition_name}} SELECT count(*) AS 'Total Logs' SINCE 1 hour AGO COMPARE WITH 1 week ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Log Partition Usage", + "layout": { + "column": 9, + "row": 4, + "width": 4, + "height": 2 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "FROM {{partition_name}} SELECT \n bytecountestimate()/10e8 AS 'Last 24 Hrs (GB)',\n rate(bytecountestimate()/10e8, 1 MONTH) AS '1 Month Projection (GB)',\n round(rate(bytecountestimate()/10e8, 1 MONTH) * {{gb_cost}}, .01) AS '1 Month Projection ($)',\n {{gb_cost}} AS 'Cost per GB ($)'\nFACET eventType() SINCE 24 HOURS AGO COMPARE WITH 1 WEEK AGO" + } + ], + "platformOptions": { + "ignoreTimeRange": true + } + } + }, + { + "title": "Total GB Ingested", + "layout": { + "column": 1, + "row": 6, + "width": 4, + "height": 2 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT bytecountestimate()/10e8 AS 'Partition GB' from {{partition_name}} since 1 hour ago TIMESERIES" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "Total GB Ingested", + "layout": { + "column": 5, + "row": 6, + "width": 4, + "height": 2 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT bytecountestimate()/10e8 AS 'Partition GB' from {{partition_name}} since 1 day ago TIMESERIES" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "Total GB Ingested", + "layout": { + "column": 9, + "row": 6, + "width": 4, + "height": 2 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT bytecountestimate()/10e8 AS 'Partition GB' from {{partition_name}} since 1 week ago TIMESERIES" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "Log Ingest by newrelic.source, plugin.type, logtype", + "layout": { + "column": 1, + "row": 8, + "width": 6, + "height": 4 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.table" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) as 'Total Logs', bytecountestimate() / 10e8 as 'Logs GB' from {{partition_name}} facet newrelic.source AS 'newrelic.source', plugin.type, logtype since 1 day ago limit max" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "APM Log ingest by entity.name, newrelic.source", + "layout": { + "column": 7, + "row": 8, + "width": 6, + "height": 4 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.table" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) as 'Total Logs', bytecountestimate()/10e8 as 'Logs GB' FROM {{partition_name}} where entity.name is not NULL facet entity.name as Application, newrelic.source limit max since 1 day ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Log Ingest by newrelic.source", + "layout": { + "column": 1, + "row": 12, + "width": 4, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.table" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT bytecountestimate() / 10e8 as 'Logs GB' from {{partition_name}} FACET newrelic.source since 1 day ago " + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Log Ingest by plugin.type ", + "layout": { + "column": 5, + "row": 12, + "width": 4, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.table" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT bytecountestimate() / 10e8 as 'Logs GB' from {{partition_name}} FACET plugin.type since 1 day ago " + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Log Ingest by logtype", + "layout": { + "column": 9, + "row": 12, + "width": 4, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.table" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT bytecountestimate() / 10e8 as 'Logs GB' from {{partition_name}} FACET logtype since 1 day ago " + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + } + ] + }, + { + "name": "Log Attribute Details", + "description": null, + "widgets": [ + { + "title": "", + "layout": { + "column": 1, + "row": 1, + "width": 6, + "height": 1 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.markdown" + }, + "rawConfiguration": { + "text": "## Log Attribute Details\n* Unique #, Total by, Total over Time\n" + } + }, + { + "title": "Logs without Hostname", + "layout": { + "column": 7, + "row": 1, + "width": 2, + "height": 1 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) AS 'Logs with no hostname' from `Log` where hostname is null since 1 hour ago COMPARE WITH 1 week ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Logs without logtype", + "layout": { + "column": 9, + "row": 1, + "width": 2, + "height": 1 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) AS 'Logs with no logtype' from {{partition_name}} where logtype is null since 1 hour ago COMPARE WITH 1 week ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Logs without filePath", + "layout": { + "column": 11, + "row": 1, + "width": 2, + "height": 1 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) AS 'Logs with no filePath' from {{partition_name}} where filePath is null since 1 hour ago COMPARE WITH 1 week ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "", + "layout": { + "column": 1, + "row": 2, + "width": 3, + "height": 1 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT uniqueCount(logtype) AS 'Unique logtypes' FROM {{partition_name}} SINCE 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "", + "layout": { + "column": 4, + "row": 2, + "width": 3, + "height": 1 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT uniqueCount(filePath) AS 'Unique filePaths' FROM {{partition_name}} SINCE 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Unique hosts", + "layout": { + "column": 7, + "row": 2, + "width": 3, + "height": 1 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT uniquecount(hostname) AS 'Unique hosts' FROM {{partition_name}} SINCE 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "", + "layout": { + "column": 10, + "row": 2, + "width": 3, + "height": 1 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT uniqueCount(level) AS 'Unique Level' FROM {{partition_name}} SINCE 1 day ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Total Logs by logtype (Top 20)", + "layout": { + "column": 1, + "row": 3, + "width": 3, + "height": 4 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.bar" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM {{partition_name}} FACET logtype limit 20 since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Total Logs by filePath (Top 20)", + "layout": { + "column": 4, + "row": 3, + "width": 3, + "height": 4 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.bar" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM {{partition_name}} FACET filePath limit 20 since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Total Logs by hostname (Top 20)", + "layout": { + "column": 7, + "row": 3, + "width": 3, + "height": 4 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.bar" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM {{partition_name}} FACET hostname limit 20 since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Total Logs by level ", + "layout": { + "column": 10, + "row": 3, + "width": 3, + "height": 4 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.bar" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM {{partition_name}} FACET level OR Level OR loglevel OR severity OR errorLevel limit 20 since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Logs by logtype over Time", + "layout": { + "column": 1, + "row": 7, + "width": 3, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM {{partition_name}} FACET logtype limit max since 1 hour ago TIMESERIES " + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "Logs by filePath over Time", + "layout": { + "column": 4, + "row": 7, + "width": 3, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM {{partition_name}} FACET filePath TIMESERIES limit max since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "Logs by hostname over Time", + "layout": { + "column": 7, + "row": 7, + "width": 3, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM {{partition_name}} FACET hostname TIMESERIES limit max since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "Logs by level over Time", + "layout": { + "column": 10, + "row": 7, + "width": 3, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM {{partition_name}} FACET level OR Level OR loglevel OR severity OR errorLevel TIMESERIES limit max since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "", + "layout": { + "column": 1, + "row": 10, + "width": 3, + "height": 1 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT uniqueCount(newrelic.source) AS 'Unique newrelic.source' FROM {{partition_name}} SINCE 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "", + "layout": { + "column": 4, + "row": 10, + "width": 3, + "height": 1 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT uniqueCount(plugin.type) AS 'Unique plugin.type' FROM {{partition_name}} SINCE 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "", + "layout": { + "column": 7, + "row": 10, + "width": 3, + "height": 1 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT uniquecount(plugin.source) AS 'Unique plugin.source' FROM {{partition_name}} SINCE 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "", + "layout": { + "column": 10, + "row": 10, + "width": 3, + "height": 1 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.billboard" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT uniqueCount(fb.input) AS 'FluentBit Input' FROM {{partition_name}} SINCE 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Logs by newrelic.source (Top 20)", + "layout": { + "column": 1, + "row": 11, + "width": 3, + "height": 4 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.bar" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "FROM {{partition_name}} SELECT count(*) FACET newrelic.source limit 20 since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Logs by plugin.type (Top 20)", + "layout": { + "column": 4, + "row": 11, + "width": 3, + "height": 4 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.bar" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "FROM {{partition_name}} SELECT count(*) FACET plugin.type limit 20 since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Logs by plugin.source (Top 20)", + "layout": { + "column": 7, + "row": 11, + "width": 3, + "height": 4 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.bar" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM {{partition_name}} FACET plugin.source limit 20 since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Logs by FluentBit Input (Top 20)", + "layout": { + "column": 10, + "row": 11, + "width": 3, + "height": 4 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.bar" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "FROM {{partition_name}} SELECT count(*) FACET fb.input limit 20 since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "Logs by newrelic.source over Time", + "layout": { + "column": 1, + "row": 15, + "width": 3, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM {{partition_name}} FACET newrelic.source TIMESERIES limit max since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "Logs by plugin.type over Time", + "layout": { + "column": 4, + "row": 15, + "width": 3, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM {{partition_name}} FACET plugin.type TIMESERIES limit max since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "Logs by plugin.source over Time", + "layout": { + "column": 7, + "row": 15, + "width": 3, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM {{partition_name}} FACET plugin.source TIMESERIES limit max since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "Logs by fb.input over Time", + "layout": { + "column": 10, + "row": 15, + "width": 3, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM {{partition_name}} FACET fb.input TIMESERIES limit max since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + } + ] + }, + { + "name": "APM Log Details", + "description": null, + "widgets": [ + { + "title": "", + "layout": { + "column": 1, + "row": 1, + "width": 12, + "height": 1 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.markdown" + }, + "rawConfiguration": { + "text": "## APM Log Details\n* Logs sent via an APM Agent\n* Note that all queries in this tab search the main **Log** partition." + } + }, + { + "title": "APM Logs by entity.name (Top 20)", + "layout": { + "column": 1, + "row": 2, + "width": 4, + "height": 4 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.bar" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM Log FACET entity.name WHERE newrelic.source = 'logs.APM' limit 20 since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "APM Logs by entity.name over time", + "layout": { + "column": 5, + "row": 2, + "width": 8, + "height": 4 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "FROM Log SELECT count(*) WHERE newrelic.source = 'logs.APM' FACET entity.name TIMESERIES since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "APM Logs Sampling per App", + "layout": { + "column": 1, + "row": 6, + "width": 6, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.table" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT filter(count(newrelic.timeslice.value), WHERE appName LIKE '%' AND metricTimesliceName = 'Supportability/Logging/Forwarding/Seen') AS 'Logs_Generated', filter(count(newrelic.timeslice.value), WHERE appName LIKE '%' AND metricTimesliceName = 'Supportability/Logging/Forwarding/Sent') AS 'Logs_Shipped', filter(count(newrelic.timeslice.value), WHERE appName LIKE '%' AND metricTimesliceName = 'Supportability/Logging/Forwarding/Seen') - filter(count(newrelic.timeslice.value), WHERE appName LIKE '%' AND metricTimesliceName = 'Supportability/Logging/Forwarding/Sent') AS 'Logs_Dropped' FROM Metric WHERE appName LIKE '%' AND metricTimesliceName IN ('Supportability/Logging/Forwarding/Seen', 'Supportability/Logging/Forwarding/Sent') FACET appName LIMIT 25 SINCE 5 minutes ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + }, + { + "title": "APM Logs Dropped per App (Last 1 Day)", + "layout": { + "column": 7, + "row": 6, + "width": 6, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT filter(count(newrelic.timeslice.value), WHERE appName LIKE '%' AND metricTimesliceName = 'Supportability/Logging/Forwarding/Seen') - filter(count(newrelic.timeslice.value), WHERE appName LIKE '%' AND metricTimesliceName = 'Supportability/Logging/Forwarding/Sent') AS 'Logs_Dropped' FROM Metric WHERE appName LIKE '%' AND metricTimesliceName IN ('Supportability/Logging/Forwarding/Seen', 'Supportability/Logging/Forwarding/Sent') FACET appName LIMIT 25 TIMESERIES SINCE 24 hours ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "APM Error Logs by entity.name", + "layout": { + "column": 1, + "row": 9, + "width": 4, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "FROM Log SELECT count(*) WHERE newrelic.source = 'logs.APM' AND level NOT LIKE '%warn%' AND level NOT LIKE '%info%' AND level NOT LIKE '%debug%' FACET level, entity.name TIMESERIES since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "APM Logs by Level", + "layout": { + "column": 5, + "row": 9, + "width": 4, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "FROM Log SELECT count(*) WHERE newrelic.source = 'logs.APM' FACET level TIMESERIES SINCE 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "APM Agent vs. Non-APM Agent Logs", + "layout": { + "column": 9, + "row": 9, + "width": 4, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "FROM Log SELECT count(*) FACET newrelic.source WHERE entity.name LIKE '%' TIMESERIES since 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "Duplicate Log List", + "layout": { + "column": 1, + "row": 12, + "width": 6, + "height": 5 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.table" + }, + "rawConfiguration": { + "dataFormatters": [], + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) AS 'Log_Count' FROM Log WHERE hostname IS NOT NULL FACET hostname, message, newrelic.source LIMIT MAX SINCE 5 minutes ago" + } + ] + } + }, + { + "title": "Apps NOT sending logs via APM Agent", + "layout": { + "column": 7, + "row": 12, + "width": 6, + "height": 5 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.table" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "From Transaction select uniques(appName) where appName not in (from Log select uniques(entity.name) where newrelic.source = 'logs.APM') since 1 hour ago\n" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + } + ] + }, + { + "name": "Log NrIntegration Errors", + "description": null, + "widgets": [ + { + "title": "", + "layout": { + "column": 1, + "row": 1, + "width": 12, + "height": 2 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.markdown" + }, + "rawConfiguration": { + "text": "## Log NrIntegration Errors\n* [Use NrIntegrationError event to understand data ingest problems](https://docs.newrelic.com/docs/data-apis/manage-data/nrintegrationerror/)\n* **Best practice:** Create an Alert to notify you of any Logging NrIntegration Errors. A pre-built alert is included with this quickstart." + } + }, + { + "title": "Logs NrIntegrationErrors (Last 1h)", + "layout": { + "column": 1, + "row": 3, + "width": 6, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM NrIntegrationError WHERE newRelicFeature = 'Logs' FACET message timeseries SINCE 1 hour ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "Logs NrIntegrationErrors (Last 1d)", + "layout": { + "column": 7, + "row": 3, + "width": 6, + "height": 3 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.line" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "legend": { + "enabled": true + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM NrIntegrationError WHERE newRelicFeature = 'Logs' FACET message timeseries SINCE 1 day ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + }, + "yAxisLeft": { + "zero": true + } + } + }, + { + "title": "Total Logs NrIntegrationErrors (Last 1d)", + "layout": { + "column": 1, + "row": 6, + "width": 12, + "height": 4 + }, + "linkedEntityGuids": null, + "visualization": { + "id": "viz.table" + }, + "rawConfiguration": { + "facet": { + "showOtherSeries": false + }, + "nrqlQueries": [ + { + "accountId": 0, + "query": "SELECT count(*) FROM NrIntegrationError WHERE newRelicFeature = 'Logs' FACET level, name, message SINCE 1 day ago" + } + ], + "platformOptions": { + "ignoreTimeRange": false + } + } + } + ] + } + ], + "variables": [ + { + "name": "partition_name", + "items": [ + { + "title": null, + "value": "Log" + }, + { + "title": null, + "value": "EDIT & ADD YOUR PARTITIONS" + } + ], + "defaultValues": [ + { + "value": { + "string": "Log" + } + } + ], + "nrqlQuery": null, + "title": "Select Log Partition", + "type": "ENUM", + "isMultiSelection": false, + "replacementStrategy": "IDENTIFIER" + }, + { + "name": "gb_cost", + "items": [ + { + "title": null, + "value": ".25" + }, + { + "title": null, + "value": ".30" + }, + { + "title": null, + "value": ".50" + } + ], + "defaultValues": [ + { + "value": { + "string": ".30" + } + } + ], + "nrqlQuery": null, + "title": "Cost per GB", + "type": "ENUM", + "isMultiSelection": false, + "replacementStrategy": "NUMBER" + } + ] +} \ No newline at end of file diff --git a/quickstarts/nr-logs-summary/config.yml b/quickstarts/nr-logs-summary/config.yml new file mode 100644 index 0000000000..e784f576f3 --- /dev/null +++ b/quickstarts/nr-logs-summary/config.yml @@ -0,0 +1,34 @@ +id: 32f0ff6d-4f4e-420e-a042-c0e71e5252fc +slug: nr-logs-summary +title: New Relic Logs Summary +description: | + This quickstart contains the following: + + A Log Summary Dashboard that includes tabs for: + - Estimates on overall ingestion by partition, along with ingest estimates based on various attributes for log type, source, etc. + - Breakdown of logs by well known attributes such as logtype, filePath, level, etc. + - APM Log details (logs received by our APM agents) + - Logging related NRIntegration errors + + A pre-built alert for Logging NrIntegration Errors + - An alert that fires when a Logging NrIntegration error is detected in a 5m window. + - Modify the threshold based on your environment / preferences. +summary: | + Get better insights into your logs. +level: New Relic +authors: + - Marcel Schlapfer +keywords: + - logs + - APM +dataSourceIds: + - guided-install +documentation: + - name: Get started with log management + url: https://docs.newrelic.com/docs/logs/get-started/get-started-log-management/ + description: Get started with log management +icon: logo.svg +dashboards: + - nr-logs-summary +alertPolicies: + - nr-logs-summary diff --git a/quickstarts/nr-logs-summary/logo.svg b/quickstarts/nr-logs-summary/logo.svg new file mode 100644 index 0000000000..ea60419c6b --- /dev/null +++ b/quickstarts/nr-logs-summary/logo.svg @@ -0,0 +1,13 @@ + + + + + + + + + + + + +