Overview
This article is an improved version of the article "IT Operation and Maintenance: Using Honghu to Monitor DELL Servers" (hereinafter referred to as the original text). The main improvements concern how fields are extracted and how charts are displayed after the server logs enter Honghu.
- Field extraction: changed from the original method of using views to field extraction.
- Chart display: this article adds slightly more complicated statements, such as drill-down, and uses more chart presentation methods.
Prerequisites
There are certain prerequisites for referring to this article, including the following:
Honghu has been installed and can work normally
Vector has been installed and configured, and can work normally
The data source type in this article is dell_syslog (syslog is a built-in Honghu data source type; you can configure dell_syslog according to the properties of syslog). In the example below, the data set is dell_syslog, which you can adapt to your own environment. However, it is recommended to create the data source type before importing syslog data, because the data source type is changed and bound during the subsequent field processing.
If you want to know the detailed installation and configuration of Honghu and Vector, please refer to the original text of "IT Operation and Maintenance: Using Honghu to Monitor DELL Servers".
Collect syslog data
TIPS: Versions 2.10.0 and later support configuring syslog data reception from the web page, which simplifies the configuration of syslog data collection.
Create data set dell_syslog
Create a data source type dell_syslog and configure it according to the built-in syslog
Configure syslog, data import > collect syslog data >
The port defaults to 30131-30133 and is optional (note: the sending device must be configured to send to a specific port and protocol, and these must be consistent with Honghu's)
Dataset and data source type: having created them in advance as described above, you can select them from the drop-down list
Steps
Field extraction
Raw log analysis
Before extracting fields, we need to look at the original log and analyze it.
Through the query, you can see that the original log format is as follows. Analysis shows that the log format is neither JSON nor key-value, so it is suitable for regular extraction.
Regular extraction
Extract new fields
Select data source type, select data sample
Select the extraction rule: regular extraction, edit the regular expression, and fill in the following extraction rules
TIPS: Generally speaking, this regular expression is widely applicable. You can verify the regular expression on regex101. If it fails to match, it is usually because the part of the rule that matches the host name needs to be adjusted.
Name and save the rule to complete the extraction.
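As an added example (not the article's extraction rule, which is not reproduced on this page), the Python code below checks a syslog header regex offline against sample lines and shows the failure described in the tip above: a host-name group that is too narrow. The sample lines, both patterns and the field names pri, timestamp, host and message are assumptions made for illustration; the named groups use Python's (?P<name>...) syntax.

```python
import re

# Constructed sample lines in BSD syslog (RFC 3164) layout; not taken from the article.
SAMPLES = [
    "<166>Mar  5 10:15:32 idrac01 constructed message: fan 1 speed is within range",
    "<163>Mar  5 10:16:01 idrac-r740.lab.example constructed message: PSU 2 lost input",
    "<164>Mar 15 10:17:44 192.0.2.10 constructed message: inlet temperature warning",
]

# Shared header: <PRI> followed by "Mmm dd HH:MM:SS" (day may be space-padded).
HEADER = r"^<(?P<pri>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
# Narrow host group: letters and digits only, so FQDNs, hyphens and IPs fail.
NARROW = re.compile(HEADER + r"(?P<host>[A-Za-z0-9]+) (?P<message>.*)$")
# Adjusted host group: also accepts dots, hyphens, underscores and colons (IPv6).
ADJUSTED = re.compile(HEADER + r"(?P<host>[A-Za-z0-9._:-]+) (?P<message>.*)$")

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def extract(line, pattern=ADJUSTED):
    """Return the extracted fields as a dict, or None if the line does not match."""
    m = pattern.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    pri = int(fields.pop("pri"))
    # PRI encodes facility * 8 + severity (standard syslog).
    fields["facility"] = pri // 8
    fields["severity"] = SEVERITIES[pri % 8]
    return fields


def unmatched(lines, pattern):
    """Lines the rule would leave unextracted; check this before saving a rule."""
    return [line for line in lines if pattern.match(line) is None]


if __name__ == "__main__":
    for name, pattern in (("narrow", NARROW), ("adjusted", ADJUSTED)):
        print(name, "misses", len(unmatched(SAMPLES, pattern)), "of", len(SAMPLES))
    for line in SAMPLES:
        print(extract(line))
```

Running the same check over a sample of your own device's lines before saving the rule shows which hosts would silently end up without extracted fields.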
Chart display
The dashboard can be imported directly, and I will attach my dashboard at the bottom. If your dataset name is different from mine, you need to change the dataset name.
If the data set names are inconsistent, the following picture will appear
How to change the dataset name:
Dashboard > Edit >
Click sql, replace dell_syslog with your data set name, and click OK. Repeat this for each chart.
Dashboard import
Create a new dashboard > select the dashboard configuration file > browse and select the dashboard file you need to import
Renderings
DELL server dashboard.json (9KB)
(For specific content, please join the Honghu technical exchange group and obtain it from the knowledge base)