Trace

Overview

This processor is useful to track events that have a unique ID, as well as clear start and end logs.

  • IDs are typically dynamic fields, such as transaction IDs or trace IDs.

Each event's duration is tracked, and the average time (minimum and maximum) is emitted as metrics.

Anomalies are detected by comparing the average event duration against the history of average durations.


Review Sample Configuration

Review the following sample configuration:

traces:
  - name: render-trace
    start_pattern: "rendering job: (?P<ID>[0-9a-fA-F]{8}) started"
    finish_pattern: "rendering job: (?P<ID>[0-9a-fA-F]{8}) finished"
    trigger_thresholds:
      max_duration: 50000 # 50 seconds
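
The pairing that this configuration describes can be checked offline against sample logs. The following is an added example, not Edge Delta code: it applies the sample start_pattern and finish_pattern to constructed log lines, pairs them by the ID capture group, and reports the minimum, maximum, and average duration plus any max_duration breaches. The function name trace, the timestamps, and the handling of still-open events and unmatched finish lines are assumptions of this sketch.

```python
import re

# Patterns and threshold copied from the sample configuration on this page.
# Python's re module accepts the same (?P<ID>...) named-group syntax.
START_PATTERN = r"rendering job: (?P<ID>[0-9a-fA-F]{8}) started"
FINISH_PATTERN = r"rendering job: (?P<ID>[0-9a-fA-F]{8}) finished"
MAX_DURATION_MS = 50000

# Constructed sample input: (timestamp in ms, log message). Not real agent output.
SAMPLE_LOGS = [
    (0,     "rendering job: 1a2b3c4d started"),
    (1000,  "rendering job: deadbeef started"),
    (12000, "rendering job: 1a2b3c4d finished"),
    (20000, "rendering job: 0badf00d started"),   # never finishes
    (25000, "rendering job: cafe1234 finished"),  # finish without a start
    (61000, "rendering job: deadbeef finished"),  # 60 s, over max_duration
    (90000, "rendering job: XYZ started"),        # ID does not match the regex
]

def trace(logs, start_pattern, finish_pattern, max_duration_ms, now_ms):
    """Pair start/finish lines by the ID capture group and summarise durations."""
    start_re, finish_re = re.compile(start_pattern), re.compile(finish_pattern)
    open_events, durations, orphans = {}, {}, []
    for ts, message in logs:
        if m := start_re.search(message):
            open_events[m.group("ID")] = ts
        elif m := finish_re.search(message):
            event_id = m.group("ID")
            if event_id in open_events:
                durations[event_id] = ts - open_events.pop(event_id)
            else:
                orphans.append(event_id)  # finish seen with no matching start
    # Completed events that ran too long, plus events still open past the limit
    # (assumption of this sketch: open events are judged against now_ms).
    breaches = sorted(
        [i for i, d in durations.items() if d > max_duration_ms]
        + [i for i, t in open_events.items() if now_ms - t > max_duration_ms]
    )
    values = list(durations.values())
    return {
        "durations": durations,
        "min": min(values) if values else None,
        "max": max(values) if values else None,
        "avg": sum(values) / len(values) if values else None,
        "breaches": breaches,
        "orphan_finishes": orphans,
    }

RESULT = trace(SAMPLE_LOGS, START_PATTERN, FINISH_PATTERN, MAX_DURATION_MS, now_ms=90000)
```

A line whose ID does not satisfy the capture group, such as the last sample line, is never tracked, so a pattern that is too strict drops events from the metrics without any error.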

Review Parameters

Review the following parameters that you can configure in the Edge Delta App.


name

Required

Enter a descriptive label for this processor.

When you create a workflow, you will use this label to enter your processor into the workflow.

Review the following example:

name: login-trace

start_pattern

Required

Enter a regular expression to match patterns in a string for a successful event.

Review the following example:

start_pattern: "user (?P<ID>[0-9a-fA-F]{8}) logged in"

finish_pattern

Required

Enter a regular expression to match patterns in a string for a failed event.

Review the following example:

finish_pattern: "user (?P<ID>[0-9a-fA-F]{8}) logged out"

interval

Optional

This parameter is a golang duration string that represents the reporting (or rollup) interval for the generated statistics.

The default value is 1m.

Review the following example:

interval: 2m

retention

Optional

This parameter is a golang duration string that represents how far back the agent should look when generating anomaly scores.

The default value is 3h.

Review the following example:

retention: 4h

trigger_thresholds

Optional

The trigger_thresholds parameter is a dictionary type that can specify certain child parameters with specific combinations of thresholds. When a threshold is reached, a trigger destination (specified in the corresponding workflow) is notified.

processors:
  <processor type>:
    - name: <processor_name>
      pattern: <regex_pattern> 
      trigger_thresholds:
        <trigger_threshold_parameter>: <integer>

The following thresholds can be configured for trace processors:

max_duration

The max_duration parameter sets the maximum amount of time that an event is allowed to take to complete. If the event does not complete in time, the trigger condition is met. It is an integer specified in milliseconds.

anomaly_probability_percentage

The anomaly_probability_percentage parameter sets the threshold for a trigger based on the Edge Delta agent’s confidence that an event is an anomaly. The range is 0-100 where 100 is the highest confidence that an event is an anomaly. There is no default value. It is configured as an integer. See the example implementation in a dimension numeric capture processor.

upper_limit_per_interval

The upper_limit_per_interval parameter sets the maximum number of events within the reporting interval. A higher occurrence would trigger a notification for too many events. It is configured as an integer. See the example implementation in a simple keyword match processor.

lower_limit_per_interval

The lower_limit_per_interval parameter sets the minimum number of events within the reporting interval. A lower occurrence would trigger a notification for not enough events. It is configured as an integer. See the example implementation in a dimension counter processor.

consecutive

The consecutive parameter sets the minimum number of times a threshold must be triggered before an alert is issued. It requires another trigger_threshold parameter to be set for the processor. The default is zero. It is configured as an integer. See the example implementation in a simple keyword match processor.


filters

Optional

Enter an existing filter to add to this processor.

To learn how to create a filter, see Filters.

Review the following example:

filters:
  - extract_severity
