Metrics and Custom Indices

This section describes how to use Log2Metrics in LOGIQ.

LOGIQ Log2Metrics is a powerful feature that helps you convert your log data into a real-time metric. Using Log2Metrics, you can visualize your log data, plot distributions, create a custom index, and create alerts for events.

Creating a Log2Metric

You can create new metrics from a log line in either the Logs page or the Search page of your LOGIQ UI. To create a new metric, click the three dots on a log line that you want to create a metric for. Doing so opens the options menu, as shown in the following image. From the options menu, click create metric.

The Options Menu

You will now see the Log2Metric modal on the LOGIQ UI. To configure your new metric, fill out the fields in the Log2Metric modal appropriately.

The Log2Metric Modal

The following table describes each of the fields in the Log2Metric modal.

Fields

Description

Name

Name of the Log2Metric

Level

Set the severity level to low, medium, high, or critical.

Group

Select a predefined group or add a new one.

Description

A human-readable description of the Log2Metric.

Namespace

Logs Namespace in which to create the Log2Metric.

Application Match

This is an auto-populated field that is editable. You can use regex to match applications as well.

Labels

Labels for the Log2Metric. This field is not mandatory and can be used to create a group-by expression.

Label for Visualization

Used to visualize data. Visualizations are grouped by the label configured in this field.

Add tags to query

Tags that can be used to filter queries in the UI

You can also click Add more parameters to add more parameters to filter your logs by, as shown in the following image.

The configuration depicted in the image above creates a Log2Metric named ingress_status_codes__e1034e. LOGIQ adds the suffix __e1034 internally as a unique identifier for the Log2Metric. Once the Log2Metric is created, it adds its visualization to your dashboard. The following image depicts the visualization of the newly-created ingress_status_codes__e1034e Log2Metric.

Visualization created by log2metrics

Custom Indices

Log2Metrics definitions also create custom indices that can be used to speed up search. Based on the definition, there can be multiple custom indices. The definition used in the example above creates two custom indices: ingress_status_codes__e1034eand e1034e. You can use both of these indices to search for logs that match the definition. Based on what you enter in the Labels field of the Log2Metric configuration, additional indices may be created. For example, based on the definition used in the example above, if there are logs that match the status code 401 , an additional index is created named ingress_status_codes__e1034e_status_code_401that can be used for searching for occurrences of logs that contain the status code 401.

‚Äč