Fishing for Wavefront Metrics with Grok Patterns

Thus far in our series, we’ve successfully shipped pihole.log lines to a Wavefront proxy in AWS EC2 and verified the proxy’s receipt of the logs. No data from the logs is being passed to Wavefront just yet, so it’s time to take a deeper look at the log contents and extract some data to be used as metrics. We’re looking for time series data (or things we can turn into time series data). Tracking the changes over time and the frequency of those changes could give a great deal of insight.

In this blog post, we see a glimpse of how to create metrics from logs. The time series metrics analyzed in that post came from parsing the data inside logs sent to a Wavefront proxy. Based on this document, we can use grok patterns in our logsIngestion.yaml file on the Wavefront proxy (or in whichever YAML file we specified with the logsIngestionConfigFile parameter in wavefront.conf) to perform this transformation. These grok patterns form a collective set of rules that determine exactly what data is sent from the proxy to our Wavefront instance’s collector gateway and thus will show up in the user interface.
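To make the rule idea above concrete, here is an added example (not code from the original post or from the Wavefront proxy) that emulates in Python how a set of grok-style counter rules turns log lines into metrics and drops everything no rule matches. The sample lines are constructed in dnsmasq style, and the rule keys, metric names (`pihole.query.*`, `pihole.blocked`) and simplified grok definitions are assumptions of this example.

```python
import re
from collections import Counter

GROK = {  # simplified stand-ins for standard grok definitions (this example's own)
    "SYSLOGTIMESTAMP": r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}",
    "WORD": r"\w+",
    "HOSTNAME": r"[A-Za-z0-9][A-Za-z0-9._-]*",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
}
# Hypothetical counter rules: a grok pattern plus a metric-name template.
RULES = [
    {"pattern": r"%{SYSLOGTIMESTAMP} dnsmasq\[\d+\]: query\[%{WORD:qtype}\] %{HOSTNAME} from %{IP:client}",
     "metricName": "pihole.query.%{qtype}", "tags": ["client"]},
    {"pattern": r"%{SYSLOGTIMESTAMP} dnsmasq\[\d+\]: gravity blocked %{HOSTNAME:domain} is %{IP}",
     "metricName": "pihole.blocked", "tags": []},
]
# Constructed sample lines in dnsmasq style, not taken from a real pihole.log.
SAMPLE = [
    "Mar  3 10:15:01 dnsmasq[1234]: query[A] example.com from 192.168.1.10",
    "Mar  3 10:15:01 dnsmasq[1234]: forwarded example.com to 192.0.2.53",
    "Mar  3 10:15:02 dnsmasq[1234]: query[AAAA] ads.example.net from 192.168.1.10",
    "Mar  3 10:15:02 dnsmasq[1234]: gravity blocked ads.example.net is 0.0.0.0",
    "Mar  3 10:15:03 dnsmasq[1234]: query[A] example.org from 192.168.1.22",
]

def grok_to_regex(pattern):
    """Expand %{NAME} and %{NAME:label} macros into a regex with named groups."""
    def expand(m):
        name, label = m.group(1), m.group(2)
        return f"(?P<{label}>{GROK[name]})" if label else f"(?:{GROK[name]})"
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern))

def count_metrics(lines, rules=RULES):
    """Return a Counter keyed by (metric name, tags); unmatched lines yield nothing."""
    compiled = [(grok_to_regex(r["pattern"]), r) for r in rules]
    counts = Counter()
    for line in lines:
        for regex, rule in compiled:
            m = regex.search(line)
            if m:
                labels = m.groupdict()
                name = re.sub(r"%\{(\w+)\}", lambda t: labels[t.group(1)], rule["metricName"])
                tags = tuple((k, labels[k]) for k in rule["tags"])
                counts[(name, tags)] += 1
                break  # first matching rule wins in this example
    return counts

if __name__ == "__main__":
    print(sorted(count_metrics(SAMPLE).items()))
```

The `forwarded` line matches no rule and so produces no metric, which is the filtering effect the rules have on what leaves the proxy.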
