Edge Delta Log to Metric Node
2 minute read
Overview
The Log to Metric Node evaluates the body field for matching regex patterns and it generates metrics from the matches. You can configure several options:
-
Name - A descriptive name for the node. This is the name that will appear in Visual Pipelines. It must be unique across all nodes.
-
Pattern - The
patternparameter is used to match log items in thebodyfield. It is specified as a regex expression and it can include a capture group. -
Interval - The
intervalparameter specifies the reporting interval for the statistics that the node will generate. It will collect values for the duration of the interval before calculating metrics such as the average. It is specified as a duration and the default is 1 minute. -
Metric Name - The
metric_nameparameter specifies a custom name for the generated metric. If not specified, the node name is used. -
Retention - The
retentionparameter specifies how far back to look to generate anomaly scores. A short retention period will be more sensitive to spikes in metric values. -
Enabled Stats - The
enabled_statsparameter specifies the statistics that should be reported. Valid options are:count- the number of instances matched.sum- the sum of matched values.avg- the average (mean) matching value.min- the smallest matching value.max- the largest matching value.p25- count of values in the 25th percentile.p75- count of values in the 75th percentile.p95- count of values in the 95th percentile.p99- count of values in the 99th percentile.stddev- the standard deviation.anomaly1- the proprietary Edge Delta anomaly score 1.anomaly2- the proprietary Edge Delta anomaly score 2.anomalymin- the min of anomaly1 and anomaly2. This is useful to reduce the alert noise.
The
count,anomaly1andanomaly2metrics are generated for occurrence captures. Whereascount,min,max,avg,anomaly1andanomaly2metrics are generated for numeric captures.
See the full Log to Metric node specification (Paid Tier).