tetlika
(tetlika)
February 21, 2016, 4:14pm
1
Hi,
Has anyone faced the issue that Logstash metrics stopped working after upgrading to 2.2.x?
It does not work on either 2.2.0 or 2.2.2.
The config is as follows (see below); there is also another output section (to redis) in another file:

    filter {
      if [type] == "web_requests" {
        if [response] =~ /^5\d\d/ or [response] =~ /^4\d\d/ {
          metrics {
            add_tag => "logstash_alarm"
            meter => "web_errors"
          }
        }
      }
    }
    output {
      if "logstash_alarm" in [tags] and [web_errors.rate_1m] > 1 {
        pagerduty {
          description => "NUMBER OF 5xx ERRORS FATAL"
          details => {
            "timestamp" => "%{@timestamp}"
          }
          service_key => "xxxxxxx"
          incident_key => "logstash/servicename"
        }
      }
    }

P.S. The pagerduty output works by itself.
warkolm
(Mark Walkom)
February 21, 2016, 8:15pm
2
Define stopped working, what is/is not happening, what are you expecting and seeing?
tetlika
(tetlika)
February 22, 2016, 6:09am
3
It means that when the condition of the metrics filter is met, nothing happens. I mean this filter:

    filter {
      if [type] == "web_requests" {
        if [response] =~ /^5\d\d/ or [response] =~ /^4\d\d/ {
          metrics {
            add_tag => "logstash_alarm"
            meter => "web_errors"
          }
        }
      }
    }

Also, even if I simplify the rule to this:

    filter {
      metrics {
        add_tag => "logstash_alarm"
        meter => "web_errors"
      }
    }
    output {
      if "logstash_alarm" in [tags] and [web_errors.rate_1m] > 1 {
        pagerduty {
          description => "NUMBER OF 5xx ERRORS FATAL"
          details => {
            "timestamp" => "%{@timestamp}"
          }
          service_key => "xxxxxxx"
          incident_key => "logstash/servicename"
        }
      }
    }

nothing happens either (when the condition is met).
But if I throw out the metrics filter:

    output {
      pagerduty {
        description => "NUMBER OF 5xx ERRORS FATAL"
        details => {
          "timestamp" => "%{@timestamp}"
        }
        service_key => "xxxxxxx"
        incident_key => "logstash/servicename"
      }
    }

it works by itself, so the problem is in the metrics filter, not in pagerduty.
You are mistaken in the `[web_errors.rate_1m]` part. The documentation for the plugin (https://www.elastic.co/guide/en/logstash/current/plugins-filters-metrics.html) says that in Logstash 2.x `[web_errors][rate_1m]` must be used instead.

I also suggest changing `if [response] =~ /^5\d\d/ or [response] =~ /^4\d\d/` to a numerical comparison if possible. Adding the `:int` qualifier to your grok pattern for `response` should be enough. Read more about type conversions at https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html.
1 Like
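
The two changes suggested in the answer above, put together as an added example that is not part of the original posts. The grok pattern and the log line layout it matches are assumptions (the thread does not show the poster's grok filter), as is the extra `rate_1m` entry in `details`.

```logstash
filter {
  if [type] == "web_requests" {
    # Assumed log layout (constructed): "203.0.113.7 GET /index.html 503".
    # The :int suffix makes grok store response as an integer, not a string.
    grok {
      match => { "message" => "%{IPORHOST:clientip} %{WORD:verb} %{URIPATHPARAM:request} %{NUMBER:response:int}" }
    }
    # Numeric range check replaces the two regex matches on 4xx/5xx.
    # The leading [response] test skips events where grok did not set the field.
    if [response] and [response] >= 400 and [response] < 600 {
      metrics {
        meter   => "web_errors"
        add_tag => "logstash_alarm"   # tag is set on the generated metric events
      }
    }
  }
}

output {
  # Logstash 2.x nested field reference: [web_errors][rate_1m], not [web_errors.rate_1m].
  # rate_1m is a per-second event rate over a 1-minute sliding window.
  if "logstash_alarm" in [tags] and [web_errors][rate_1m] > 1 {
    pagerduty {
      description  => "NUMBER OF 5xx ERRORS FATAL"
      details      => {
        "timestamp" => "%{@timestamp}"
        "rate_1m"   => "%{[web_errors][rate_1m]}"
      }
      service_key  => "xxxxxxx"
      incident_key => "logstash/servicename"
    }
  }
}
```

Because `rate_1m` is a per-second rate, the `> 1` threshold fires only above one error per second averaged over the last minute; lower it if the alert should trigger on sparser errors.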