Home Explore Help
Sign In
SMusatov
/
netdata
mirror of https://github.com/netdata/netdata.git
1
0
Fork 0
Files Wiki
Tree: 63d043ccbc
Branches Tags
netdata
/
health
/
health.d
/
web_log.conf

web_log.conf 6.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198 
  1. 

  2. # unmatched lines
    3. 

  3. 

  4. # the following alarms trigger only when there are enough data.
    5. 

  5. # we assume there are enough data when:
    6. 

  6. #
    7. 

  7. #  $1m_total_requests > 120
    8. 

  8. #
    9. 

  9. # i.e. when there are at least 120 requests during the last minute
    10. 

  10. 

  11.  template: web_log_1m_total_requests
    12. 

  12.        on: web_log.requests
    13. 

  13.     class: Workload
    14. 

  14.      type: Web Server
    15. 

  15. component: Web log
    16. 

  16.    lookup: sum -1m unaligned
    17. 

  17.      calc: ($this == 0)?(1):($this)
    18. 

  18.     units: requests
    19. 

  19.     every: 10s
    20. 

  20.      info: number of HTTP requests in the last minute
    21. 

  21. 

  22.  template: web_log_1m_unmatched
    23. 

  23.        on: web_log.excluded_requests
    24. 

  24.     class: Errors
    25. 

  25.      type: Web Server
    26. 

  26. component: Web log
    27. 

  27.    lookup: sum -1m unaligned of unmatched
    28. 

  28.      calc: $this * 100 / $web_log_1m_total_requests
    29. 

  29.     units: %
    30. 

  30.     every: 10s
    31. 

  31.      warn: ($web_log_1m_total_requests > 120) ? ($this > 1) : ( 0 )
    32. 

  32.     delay: up 1m down 5m multiplier 1.5 max 1h
    33. 

  33.      info: percentage of unparsed log lines over the last minute
    34. 

  34.        to: webmaster
    35. 

  35. 

  36. # -----------------------------------------------------------------------------
    37. 

  37. # high level response code alarms
    38. 

  38. 

  39. # the following alarms trigger only when there are enough data.
    40. 

  40. # we assume there are enough data when:
    41. 

  41. #
    42. 

  42. #  $1m_requests > 120
    43. 

  43. #
    44. 

  44. # i.e. when there are at least 120 requests during the last minute
    45. 

  45. 

  46.  template: web_log_1m_requests
    47. 

  47.        on: web_log.type_requests
    48. 

  48.     class: Workload
    49. 

  49.      type: Web Server
    50. 

  50. component: Web log
    51. 

  51.    lookup: sum -1m unaligned
    52. 

  52.      calc: ($this == 0)?(1):($this)
    53. 

  53.     units: requests
    54. 

  54.     every: 10s
    55. 

  55.      info: number of HTTP requests in the last minute
    56. 

  56. 

  57.  template: web_log_1m_successful
    58. 

  58.        on: web_log.type_requests
    59. 

  59.     class: Workload
    60. 

  60.      type: Web Server
    61. 

  61. component: Web log
    62. 

  62.    lookup: sum -1m unaligned of success
    63. 

  63.      calc: $this * 100 / $web_log_1m_requests
    64. 

  64.     units: %
    65. 

  65.     every: 10s
    66. 

  66.      warn: ($web_log_1m_requests > 120) ? ($this < (($status >= $WARNING ) ? ( 95 ) : ( 85 )) ) : ( 0 )
    67. 

  67.      crit: ($web_log_1m_requests > 120) ? ($this < (($status == $CRITICAL) ? ( 85 ) : ( 75 )) ) : ( 0 )
    68. 

  68.     delay: up 2m down 15m multiplier 1.5 max 1h
    69. 

  69.      info: ratio of successful HTTP requests over the last minute (1xx, 2xx, 304, 401)
    70. 

  70.        to: webmaster
    71. 

  71. 

  72.  template: web_log_1m_redirects
    73. 

  73.        on: web_log.type_requests
    74. 

  74.     class: Workload
    75. 

  75.      type: Web Server
    76. 

  76. component: Web log
    77. 

  77.    lookup: sum -1m unaligned of redirect
    78. 

  78.      calc: $this * 100 / $web_log_1m_requests
    79. 

  79.     units: %
    80. 

  80.     every: 10s
    81. 

  81.      warn: ($web_log_1m_requests > 120) ? ($this > (($status >= $WARNING ) ? (  1 ) : ( 20 )) ) : ( 0 )
    82. 

  82.     delay: up 2m down 15m multiplier 1.5 max 1h
    83. 

  83.      info: ratio of redirection HTTP requests over the last minute (3xx except 304)
    84. 

  84.        to: webmaster
    85. 

  85. 

  86.  template: web_log_1m_bad_requests
    87. 

  87.        on: web_log.type_requests
    88. 

  88.     class: Errors
    89. 

  89.      type: Web Server
    90. 

  90. component: Web log
    91. 

  91.    lookup: sum -1m unaligned of bad
    92. 

  92.      calc: $this * 100 / $web_log_1m_requests
    93. 

  93.     units: %
    94. 

  94.     every: 10s
    95. 

  95.      warn: ($web_log_1m_requests > 120) ? ($this > (($status >= $WARNING)  ? ( 10 ) : ( 30 )) ) : ( 0 )
    96. 

  96.     delay: up 2m down 15m multiplier 1.5 max 1h
    97. 

  97.      info: ratio of client error HTTP requests over the last minute (4xx except 401)
    98. 

  98.        to: webmaster
    99. 

  99. 

  100.  template: web_log_1m_internal_errors
    101. 

  101.        on: web_log.type_requests
    102. 

  102.     class: Errors
    103. 

  103.      type: Web Server
    104. 

  104. component: Web log
    105. 

  105.    lookup: sum -1m unaligned of error
    106. 

  106.      calc: $this * 100 / $web_log_1m_requests
    107. 

  107.     units: %
    108. 

  108.     every: 10s
    109. 

  109.      warn: ($web_log_1m_requests > 120) ? ($this > (($status >= $WARNING)  ? ( 1 ) : ( 2 )) ) : ( 0 )
    110. 

  110.      crit: ($web_log_1m_requests > 120) ? ($this > (($status == $CRITICAL) ? ( 2 ) : ( 5 )) ) : ( 0 )
    111. 

  111.     delay: up 2m down 15m multiplier 1.5 max 1h
    112. 

  112.      info: ratio of server error HTTP requests over the last minute (5xx)
    113. 

  113.        to: webmaster
    114. 

  114. 

  115. # -----------------------------------------------------------------------------
    116. 

  116. # web slow
    117. 

  117. 

  118. # the following alarms trigger only when there are enough data.
    119. 

  119. # we assume there are enough data when:
    120. 

  120. #
    121. 

  121. #  $1m_requests > 120
    122. 

  122. #
    123. 

  123. # i.e. when there are at least 120 requests during the last minute
    124. 

  124. 

  125.  template: web_log_10m_response_time
    126. 

  126.        on: web_log.request_processing_time
    127. 

  127.     class: Latency
    128. 

  128.      type: System
    129. 

  129. component: Web log
    130. 

  130.    lookup: average -10m unaligned of avg
    131. 

  131.     units: ms
    132. 

  132.     every: 30s
    133. 

  133.      info: average HTTP response time over the last 10 minutes
    134. 

  134. 

  135.  template: web_log_web_slow
    136. 

  136.        on: web_log.request_processing_time
    137. 

  137.     class: Latency
    138. 

  138.      type: Web Server
    139. 

  139. component: Web log
    140. 

  140.    lookup: average -1m unaligned of avg
    141. 

  141.     units: ms
    142. 

  142.     every: 10s
    143. 

  143.     green: 500
    144. 

  144.       red: 1000
    145. 

  145.      warn: ($web_log_1m_requests > 120) ? ($this > $green && $this > ($web_log_10m_response_time * 2) ) : ( 0 )
    146. 

  146.      crit: ($web_log_1m_requests > 120) ? ($this > $red   && $this > ($web_log_10m_response_time * 4) ) : ( 0 )
    147. 

  147.     delay: down 15m multiplier 1.5 max 1h
    148. 

  148.      info: average HTTP response time over the last 1 minute
    149. 

  149.   options: no-clear-notification
    150. 

  150.        to: webmaster
    151. 

  151. 

  152. # -----------------------------------------------------------------------------
    153. 

  153. # web too many or too few requests
    154. 

  154. 

  155. # the following alarms trigger only when there are enough data.
    156. 

  156. # we assume there are enough data when:
    157. 

  157. #
    158. 

  158. #  $5m_successful_old > 120
    159. 

  159. #
    160. 

  160. # i.e. when there were at least 120 requests during the 5 minutes starting
    161. 

  161. #      at -10m and ending at -5m
    162. 

  162. 

  163.  template: web_log_5m_successful_old
    164. 

  164.        on: web_log.type_requests
    165. 

  165.     class: Workload
    166. 

  166.      type: Web Server
    167. 

  167. component: Web log
    168. 

  168.    lookup: average -5m at -5m unaligned of success
    169. 

  169.     units: requests/s
    170. 

  170.     every: 30s
    171. 

  171.      info: average number of successful HTTP requests for the 5 minutes starting 10 minutes ago
    172. 

  172. 

  173.  template: web_log_5m_successful
    174. 

  174.        on: web_log.type_requests
    175. 

  175.     class: Workload
    176. 

  176.      type: Web Server
    177. 

  177. component: Web log
    178. 

  178.    lookup: average -5m unaligned of success
    179. 

  179.     units: requests/s
    180. 

  180.     every: 30s
    181. 

  181.      info: average number of successful HTTP requests over the last 5 minutes
    182. 

  182. 

  183.  template: web_log_5m_requests_ratio
    184. 

  184.        on: web_log.type_requests
    185. 

  185.     class: Workload
    186. 

  186.      type: Web Server
    187. 

  187. component: Web log
    188. 

  188.      calc: ($web_log_5m_successful_old > 0)?($web_log_5m_successful * 100 / $web_log_5m_successful_old):(100)
    189. 

  189.     units: %
    190. 

  190.     every: 30s
    191. 

  191.      warn: ($web_log_5m_successful_old > 120) ? ($this > 200 OR $this < 50) : (0)
    192. 

  192.      crit: ($web_log_5m_successful_old > 120) ? ($this > 400 OR $this < 25) : (0)
    193. 

  193.     delay: down 15m multiplier 1.5 max 1h
    194. 

  194.   options: no-clear-notification
    195. 

  195.      info: ratio of successful HTTP requests over over the last 5 minutes, \
    196. 

  196.            compared with the previous 5 minutes \
    197. 

  197.            (clear notification for this alarm will not be sent)
    198. 

  198.        to: webmaster
    199.