SlideShare a Scribd company logo

Creating aggregated Sensu monitors, or how to monitor a group of monitors

M
Maggie Moreno

Lightning talk from Sensu Summit 2017

Engineering
1 of 23
Download to read offline
Creating aggregated Sensu monitors Or, how to check a group of Sensu checks Maggie Moreno Production Engineer at Tubular Labs maggie@tubularlabs.com August 15, 2017
What is an aggregated Sensu monitor? And why do I care?
How to create aggregated Sensu checks 1. Create queriable logging and metrics store 2. Send Sensu check logs and outputs to the central logging/metrics store 3. Create a tool let a Sensu check alert on a query against those logs 4. Party because now you have all the tools to create an uptime monitor!
1. Create queriable logging and metrics store 2. Send Sensu check logs and outputs to the central logging/metrics store 3. Create a tool let a Sensu check alert on a query against those logs 4. Party because now you have all the tools to create an uptime monitor! How to create aggregated Sensu checks
/usr/local/bin/senseuss monitor_aggregation --index-prefix 'logstash*' --timeframe 'now-5m' --monitors '[ {"name": "app_response_time", "weight": 1}, {"name": "app_api_success_rate", "weight": 1} ]' --critical-value 75 --warning-value 90 --alert-message 'Overall App Upness Score dropped below threshold' --message-expression '"Current Overall App Upness Score at {:.2f}%".format(result["weighted_avg"])' Senseuss
1. Central log/metrics store: Elastic Stack At Tubular, we make heavy use of Elasticsearch, so we have a lot of expertise in that database and related technologies.
Once you can query logs from one source, it makes sense to want to send your Sensu event logs there as well. With Elastic Stack, that was pretty simple-- we just told Filebeat to collect Sensu event logs and added a Logstash filter to parse them. 2. Send Sensu check logs and outputs to the central log/metrics
3. Sensu check to query and alert on logging events The tool that I created for my team is called senseuss. Senseuss lets the user create Sensu checks that define an arbitrary Elasticsearch query and expressions to alert on the results of that query. Image Source: http://vignette1.wikia.nocookie.net/seuss/images/a/ad/Cat-in-the-hat.gif/revision/latest?cb=20121112031951
Why should I care? Sensu checks execute a command and expect a non-arbitrary output Senseuss let's the user • Construct an arbitrary JSON Elasticsearch query from command line arguments • Create expressions to define the way the results of that query should be processed • Add query result into to the alert message for informative check outputs Because our Sensu check output is stored in Elasticsearch with our other logs, we can use this simple tool to query for and alert on any logging event, including the results of other Sensu checks Senseuss
/usr/local/bin/senseuss time_diff --index-prefix 'elasticbeat' --query '_exists_:cluster_stats.Indices.Docs.count AND cluster_stats.cluster_name:falcon' --metric 'cluster_stats.Indices.Docs.count' --aggregation-type 'max' --timeframe 'now-5m' --critical-expression 'result["latest"]["value"] - result["previous"]["value"] <= 0' --warning-expression 'result["latest"]["value"] - result["previous"]["value"] < 10**6' --alert-message 'Document count on ES metrics cluster falcon has fallen below normal levels' --message-expression '"New doc count at {:.4G}".format(result["latest"]["value"] - result["previous"]["value"])' Senseuss
/usr/local/bin/senseuss monitor_aggregation --index-prefix 'logstash*' --timeframe 'now-5m' --monitors '[ {"name": "app_response_time", "weight": 1}, {"name": "app_api_success_rate", "weight": 1} ]' --critical-value 75 --warning-value 90 --alert-message 'Overall App Upness Score dropped below threshold' --message-expression '"Current Overall App Upness Score at {:.2f}%".format(result["weighted_avg"])' Senseuss
{ "query": { "bool": { "filter": { "range": { "@timestamp": { "gte": "now-5m" } } }, "must": { "query_string": { "query": "payload.check.name.raw:(app_api_response_time OR app_api_success_rate)", "analyze_wildcard": true } } } }, "aggs": { "term_agg": { "terms": { "field": "payload.check.name.raw", "size": 2 }, "aggs": { "value_avg": { "avg": { "field": "payload.check.status" } } } } }, "size": 0 }
Recap: How to monitor your monitors 1. Create queriable logging and metrics store • E.g., Elastic stack 2. Send Sensu check logs and outputs to the central logging/metrics store • We used filebeat 3. Create a tool let a Sensu check alert on a query against those logs • Senseuss! 4. Party because now you have all the tools to create an uptime monitor!
Thank you! Maggie Moreno maggie@tubularlabs.com August 15, 2017 Image Source: https://vignette3.wikia.nocookie.net/seuss/images/3/3a/Cat_in_hat_character1.png/revision/latest?cb=20140301070354
Appendix
falcon_new_doc_count_is_low: sensu.manage_senseuss_check: - senseuss: - check_type: time_diff - index_prefix: elasticbeat - query: '_exists_:cluster_stats.Indices.Docs.count AND cluster_stats.cluster_name:falcon' - metric: cluster_stats.Indices.Docs.count - aggregation_type: max - timeframe: now-5m - critical_expression: 'result["latest"]["value"] - result["previous"]["value"] <= 0' - warning_expression: 'result["latest"]["value"] - result["previous"]["value"] < 10**6' - alert_message: 'Document count on ES metrics cluster falcon has fallen below normal levels' - message_expression: '"New doc count at {:.4G}".format(result["latest"]["value"] - result["previous"]["value"])' - handlers: ["high_priority"] - interval: 300 - occurrences: 3 - playbook: "https://tubularlabs.atlassian.net/wiki/display/EN/ELK+Stack+Playbook#ELKStackPlaybook-Logs tashisn'tshippingeventstoElasticSearech"
{ "query": { "bool": { "filter": { "range": { "@timestamp": { "gte": "now-10m" } } }, "must": { "query_string": { "query": "_exists_:cluster_stats.Indices.Docs.count AND cluster_stats.cluster_name:falcon", "analyze_wildcard": true } } } }, "aggs": { "time_diff": { "aggs": { "metric_agg": { "max": { "field": "cluster_stats.Indices.Docs.count" } } }, "filters": { "filters": { "latest": { "range": { "@timestamp": { "gte": "now-5m", "lte": "now" } } }, "previous": { "range": { "@timestamp": { "gte": "now-10m", "lte": "now-5m" } } } } } } }, "size": 0 }
ngfront_sla_overall_upness_score: sensu.manage_senseuss_check: - senseuss: - check_type: monitor_aggregation - index_prefix: "logstash*" - monitors: | [ {"name": "app_api_response_time", "weight": 1}, {"name": "app_api_success_rate", "weight": 1} ] - timeframe: "now-5m" - warning_value: 90 - critical_value: 75 - alert_message: 'Overall App Upness Score dropped below threshold' - message_expression: '"Current Overall App Upness Score at {:.2f}%".format(result["weighted_avg"])' - handlers: ["medium_priority", "app_team"] - interval: 300 - occurrences: 1 - playbook: https://tubularlabs.atlassian.net/wiki/display/EN/NGFront+Playbook
{ "query": { "bool": { "filter": { "range": { "@timestamp": { "gte": "now-5m" } } }, "must": { "query_string": { "query": "payload.check.name.raw:(app_api_response_time OR app_api_success_rate)", "analyze_wildcard": true } } } }, "aggs": { "term_agg": { "terms": { "field": "payload.check.name.raw", "size": 2 }, "aggs": { "value_avg": { "avg": { "field": "payload.check.status" } } } } }, "size": 0 }

Recommended

04 intel v_tune_session_05
04 intel v_tune_session_0504 intel v_tune_session_05
04 intel v_tune_session_05
Vivek chan
 
Practical operability techniques for teams - Matthew Skelton - Agile in the C...
Practical operability techniques for teams - Matthew Skelton - Agile in the C...Practical operability techniques for teams - Matthew Skelton - Agile in the C...
Practical operability techniques for teams - Matthew Skelton - Agile in the C...
Skelton Thatcher Consulting Ltd
 
Practical operability techniques for distributed systems - Velocity EU 2017
Practical operability techniques for distributed systems - Velocity EU 2017Practical operability techniques for distributed systems - Velocity EU 2017
Practical operability techniques for distributed systems - Velocity EU 2017
Skelton Thatcher Consulting Ltd
 
Sumo Logic: Optimizing Scheduled Searches
Sumo Logic: Optimizing Scheduled SearchesSumo Logic: Optimizing Scheduled Searches
Sumo Logic: Optimizing Scheduled Searches
Sumo Logic
 
Server and application monitoring webinars [Applications Manager] - Part 4
Server and application monitoring webinars [Applications Manager] - Part 4Server and application monitoring webinars [Applications Manager] - Part 4
Server and application monitoring webinars [Applications Manager] - Part 4
ManageEngine, Zoho Corporation
 
Practical operability techniques for teams - IPEXPO 2017
Practical operability techniques for teams - IPEXPO 2017Practical operability techniques for teams - IPEXPO 2017
Practical operability techniques for teams - IPEXPO 2017
Skelton Thatcher Consulting Ltd
 
Sql server lesson12
Sql server lesson12Sql server lesson12
Sql server lesson12
Ala Qunaibi
 
Sql server lesson12
Sql server lesson12Sql server lesson12
Sql server lesson12
Ala Qunaibi
 

Recommended

04 intel v_tune_session_05
04 intel v_tune_session_0504 intel v_tune_session_05
04 intel v_tune_session_05
Vivek chan
 
Practical operability techniques for teams - Matthew Skelton - Agile in the C...
Practical operability techniques for teams - Matthew Skelton - Agile in the C...Practical operability techniques for teams - Matthew Skelton - Agile in the C...
Practical operability techniques for teams - Matthew Skelton - Agile in the C...
Skelton Thatcher Consulting Ltd
 
Practical operability techniques for distributed systems - Velocity EU 2017
Practical operability techniques for distributed systems - Velocity EU 2017Practical operability techniques for distributed systems - Velocity EU 2017
Practical operability techniques for distributed systems - Velocity EU 2017
Skelton Thatcher Consulting Ltd
 
Sumo Logic: Optimizing Scheduled Searches
Sumo Logic: Optimizing Scheduled SearchesSumo Logic: Optimizing Scheduled Searches
Sumo Logic: Optimizing Scheduled Searches
Sumo Logic
 
Server and application monitoring webinars [Applications Manager] - Part 4
Server and application monitoring webinars [Applications Manager] - Part 4Server and application monitoring webinars [Applications Manager] - Part 4
Server and application monitoring webinars [Applications Manager] - Part 4
ManageEngine, Zoho Corporation
 
Practical operability techniques for teams - IPEXPO 2017
Practical operability techniques for teams - IPEXPO 2017Practical operability techniques for teams - IPEXPO 2017
Practical operability techniques for teams - IPEXPO 2017
Skelton Thatcher Consulting Ltd
 
Sql server lesson12
Sql server lesson12Sql server lesson12
Sql server lesson12
Ala Qunaibi
 
Sql server lesson12
Sql server lesson12Sql server lesson12
Sql server lesson12
Ala Qunaibi
 
Employment Hero monitoring solution
Employment Hero monitoring solutionEmployment Hero monitoring solution
Employment Hero monitoring solution
Luong Vo
 
User activity analysis
User activity analysis User activity analysis
User activity analysis
Anmol Khurana
 
SFScon 21 - Eduardo Guerra - A Lean Software Analytics Canvas for Agile Small...
SFScon 21 - Eduardo Guerra - A Lean Software Analytics Canvas for Agile Small...SFScon 21 - Eduardo Guerra - A Lean Software Analytics Canvas for Agile Small...
SFScon 21 - Eduardo Guerra - A Lean Software Analytics Canvas for Agile Small...
South Tyrol Free Software Conference
 
Part 1: DRS and DPM Implementation in Virtualized Environment, Part 2: Large ...
Part 1: DRS and DPM Implementation in Virtualized Environment, Part 2: Large ...Part 1: DRS and DPM Implementation in Virtualized Environment, Part 2: Large ...
Part 1: DRS and DPM Implementation in Virtualized Environment, Part 2: Large ...
Akshay Wattal
 
What is going on? Application Diagnostics on Azure - Copenhagen .NET User Group
What is going on? Application Diagnostics on Azure - Copenhagen .NET User GroupWhat is going on? Application Diagnostics on Azure - Copenhagen .NET User Group
What is going on? Application Diagnostics on Azure - Copenhagen .NET User Group
Maarten Balliauw
 
onTune the differences
onTune the differencesonTune the differences
onTune the differences
TeemStone Pty Ltd
 
SensorStudio introduction (IDC 2016)
SensorStudio introduction (IDC 2016)SensorStudio introduction (IDC 2016)
SensorStudio introduction (IDC 2016)
Herve Blanc
 
PuppetConf 2016: Watching the Puppet Show – Sean Porter, Heavy Water Operations
PuppetConf 2016: Watching the Puppet Show – Sean Porter, Heavy Water OperationsPuppetConf 2016: Watching the Puppet Show – Sean Porter, Heavy Water Operations
PuppetConf 2016: Watching the Puppet Show – Sean Porter, Heavy Water Operations
Puppet
 
Amazon quicksight
Amazon quicksightAmazon quicksight
Amazon quicksight
Sivakumar Ramar
 
Azure Monitoring Overview
Azure Monitoring OverviewAzure Monitoring Overview
Azure Monitoring Overview
gjuljo
 
Refactoring a web application with Python
Refactoring a web application with PythonRefactoring a web application with Python
Refactoring a web application with Python
Cristian Gonzalez Sanchez
 
Caps a tool for process scheduling
Caps a tool for process schedulingCaps a tool for process scheduling
Caps a tool for process scheduling
eSAT Publishing House
 
Sencha Touch MVC
Sencha Touch MVCSencha Touch MVC
Sencha Touch MVC
Neha Upadhyay
 
Dot Net performance monitoring
Dot Net performance monitoring Dot Net performance monitoring
Dot Net performance monitoring
Kranthi Paidi
 
Websphere doctor - your guide to diagnose issues
Websphere doctor - your guide to diagnose issues Websphere doctor - your guide to diagnose issues
Websphere doctor - your guide to diagnose issues
Joseph's WebSphere Library
 
Sensu @ Yelp!: A Guided Tour
Sensu @ Yelp!: A Guided TourSensu @ Yelp!: A Guided Tour
Sensu @ Yelp!: A Guided Tour
Kyle Anderson
 
How Authentication, Collection & Reporting Strengthen OSINT's Value
How Authentication, Collection & Reporting Strengthen OSINT's ValueHow Authentication, Collection & Reporting Strengthen OSINT's Value
How Authentication, Collection & Reporting Strengthen OSINT's Value
Vere Software
 
Customer Training: Detect and Respond to Threats More Quickly with USM v4.5
Customer Training: Detect and Respond to Threats More Quickly with USM v4.5Customer Training: Detect and Respond to Threats More Quickly with USM v4.5
Customer Training: Detect and Respond to Threats More Quickly with USM v4.5
AlienVault
 
Tips On Trick Odoo Add-On.pptx
Tips On Trick Odoo Add-On.pptxTips On Trick Odoo Add-On.pptx
Tips On Trick Odoo Add-On.pptx
Agusto Sipahutar
 
Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics MasterySumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic
 
Involute of a circle,Square, pentagon,HexagonInvolute_Engineering Drawing.pdf
Involute of a circle,Square, pentagon,HexagonInvolute_Engineering Drawing.pdfInvolute of a circle,Square, pentagon,HexagonInvolute_Engineering Drawing.pdf
Involute of a circle,Square, pentagon,HexagonInvolute_Engineering Drawing.pdf
JNTUA
 
2024 DevOps Pro Europe - Growing at the edge
2024 DevOps Pro Europe - Growing at the edge2024 DevOps Pro Europe - Growing at the edge
2024 DevOps Pro Europe - Growing at the edge
Paco Orozco
 

More Related Content

Similar to Creating aggregated Sensu monitors, or how to monitor a group of monitors

SFScon 21 - Eduardo Guerra - A Lean Software Analytics Canvas for Agile Small...
SFScon 21 - Eduardo Guerra - A Lean Software Analytics Canvas for Agile Small...SFScon 21 - Eduardo Guerra - A Lean Software Analytics Canvas for Agile Small...
SFScon 21 - Eduardo Guerra - A Lean Software Analytics Canvas for Agile Small...
South Tyrol Free Software Conference
 
Customer Training: Detect and Respond to Threats More Quickly with USM v4.5
Customer Training: Detect and Respond to Threats More Quickly with USM v4.5Customer Training: Detect and Respond to Threats More Quickly with USM v4.5
Customer Training: Detect and Respond to Threats More Quickly with USM v4.5
AlienVault
 

Similar to Creating aggregated Sensu monitors, or how to monitor a group of monitors (20)

Employment Hero monitoring solution
Employment Hero monitoring solutionEmployment Hero monitoring solution
Employment Hero monitoring solution
 
User activity analysis
User activity analysis User activity analysis
User activity analysis
 
SFScon 21 - Eduardo Guerra - A Lean Software Analytics Canvas for Agile Small...
SFScon 21 - Eduardo Guerra - A Lean Software Analytics Canvas for Agile Small...SFScon 21 - Eduardo Guerra - A Lean Software Analytics Canvas for Agile Small...
SFScon 21 - Eduardo Guerra - A Lean Software Analytics Canvas for Agile Small...
 
Part 1: DRS and DPM Implementation in Virtualized Environment, Part 2: Large ...
Part 1: DRS and DPM Implementation in Virtualized Environment, Part 2: Large ...Part 1: DRS and DPM Implementation in Virtualized Environment, Part 2: Large ...
Part 1: DRS and DPM Implementation in Virtualized Environment, Part 2: Large ...
 
What is going on? Application Diagnostics on Azure - Copenhagen .NET User Group
What is going on? Application Diagnostics on Azure - Copenhagen .NET User GroupWhat is going on? Application Diagnostics on Azure - Copenhagen .NET User Group
What is going on? Application Diagnostics on Azure - Copenhagen .NET User Group
 
onTune the differences
onTune the differencesonTune the differences
onTune the differences
 
SensorStudio introduction (IDC 2016)
SensorStudio introduction (IDC 2016)SensorStudio introduction (IDC 2016)
SensorStudio introduction (IDC 2016)
 
PuppetConf 2016: Watching the Puppet Show – Sean Porter, Heavy Water Operations
PuppetConf 2016: Watching the Puppet Show – Sean Porter, Heavy Water OperationsPuppetConf 2016: Watching the Puppet Show – Sean Porter, Heavy Water Operations
PuppetConf 2016: Watching the Puppet Show – Sean Porter, Heavy Water Operations
 
Amazon quicksight
Amazon quicksightAmazon quicksight
Amazon quicksight
 
Azure Monitoring Overview
Azure Monitoring OverviewAzure Monitoring Overview
Azure Monitoring Overview
 
Refactoring a web application with Python
Refactoring a web application with PythonRefactoring a web application with Python
Refactoring a web application with Python
 
Caps a tool for process scheduling
Caps a tool for process schedulingCaps a tool for process scheduling
Caps a tool for process scheduling
 
Sencha Touch MVC
Sencha Touch MVCSencha Touch MVC
Sencha Touch MVC
 
Dot Net performance monitoring
Dot Net performance monitoring Dot Net performance monitoring
Dot Net performance monitoring
 
Websphere doctor - your guide to diagnose issues
Websphere doctor - your guide to diagnose issues Websphere doctor - your guide to diagnose issues
Websphere doctor - your guide to diagnose issues
 
Sensu @ Yelp!: A Guided Tour
Sensu @ Yelp!: A Guided TourSensu @ Yelp!: A Guided Tour
Sensu @ Yelp!: A Guided Tour
 
How Authentication, Collection & Reporting Strengthen OSINT's Value
How Authentication, Collection & Reporting Strengthen OSINT's ValueHow Authentication, Collection & Reporting Strengthen OSINT's Value
How Authentication, Collection & Reporting Strengthen OSINT's Value
 
Customer Training: Detect and Respond to Threats More Quickly with USM v4.5
Customer Training: Detect and Respond to Threats More Quickly with USM v4.5Customer Training: Detect and Respond to Threats More Quickly with USM v4.5
Customer Training: Detect and Respond to Threats More Quickly with USM v4.5
 
Tips On Trick Odoo Add-On.pptx
Tips On Trick Odoo Add-On.pptxTips On Trick Odoo Add-On.pptx
Tips On Trick Odoo Add-On.pptx
 
Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics MasterySumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics Mastery
 

Recently uploaded

Electrical shop management system project report.pdf
Electrical shop management system project report.pdfElectrical shop management system project report.pdf
Electrical shop management system project report.pdf
Kamal Acharya
 
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
Lovely Professional University
 
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdfONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
Kamal Acharya
 
Complex plane, Modulus, Argument, Graphical representation of a complex numbe...
Complex plane, Modulus, Argument, Graphical representation of a complex numbe...Complex plane, Modulus, Argument, Graphical representation of a complex numbe...
Complex plane, Modulus, Argument, Graphical representation of a complex numbe...
MohammadAliNayeem
 
Dairy management system project report..pdf
Dairy management system project report..pdfDairy management system project report..pdf
Dairy management system project report..pdf
Kamal Acharya
 
Paint shop management system project report.pdf
Paint shop management system project report.pdfPaint shop management system project report.pdf
Paint shop management system project report.pdf
Kamal Acharya
 
DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf
DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdfDR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf
DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf
DrGurudutt
 

Recently uploaded (20)

Involute of a circle,Square, pentagon,HexagonInvolute_Engineering Drawing.pdf
Involute of a circle,Square, pentagon,HexagonInvolute_Engineering Drawing.pdfInvolute of a circle,Square, pentagon,HexagonInvolute_Engineering Drawing.pdf
Involute of a circle,Square, pentagon,HexagonInvolute_Engineering Drawing.pdf
 
2024 DevOps Pro Europe - Growing at the edge
2024 DevOps Pro Europe - Growing at the edge2024 DevOps Pro Europe - Growing at the edge
2024 DevOps Pro Europe - Growing at the edge
 
ROAD CONSTRUCTION PRESENTATION.PPTX.pptx
ROAD CONSTRUCTION PRESENTATION.PPTX.pptxROAD CONSTRUCTION PRESENTATION.PPTX.pptx
ROAD CONSTRUCTION PRESENTATION.PPTX.pptx
 
Low rpm Generator for efficient energy harnessing from a two stage wind turbine
Low rpm Generator for efficient energy harnessing from a two stage wind turbineLow rpm Generator for efficient energy harnessing from a two stage wind turbine
Low rpm Generator for efficient energy harnessing from a two stage wind turbine
 
Electrical shop management system project report.pdf
Electrical shop management system project report.pdfElectrical shop management system project report.pdf
Electrical shop management system project report.pdf
 
Diploma Engineering Drawing Qp-2024 Ece .pdf
Diploma Engineering Drawing Qp-2024 Ece .pdfDiploma Engineering Drawing Qp-2024 Ece .pdf
Diploma Engineering Drawing Qp-2024 Ece .pdf
 
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
 
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdfONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
 
solid state electronics ktu module 5 slides
solid state electronics ktu module 5 slidessolid state electronics ktu module 5 slides
solid state electronics ktu module 5 slides
 
"United Nations Park" Site Visit Report.
"United Nations Park" Site Visit Report."United Nations Park" Site Visit Report.
"United Nations Park" Site Visit Report.
 
Research Methodolgy & Intellectual Property Rights Series 2
Research Methodolgy & Intellectual Property Rights Series 2Research Methodolgy & Intellectual Property Rights Series 2
Research Methodolgy & Intellectual Property Rights Series 2
 
The battle for RAG, explore the pros and cons of using KnowledgeGraphs and Ve...
The battle for RAG, explore the pros and cons of using KnowledgeGraphs and Ve...The battle for RAG, explore the pros and cons of using KnowledgeGraphs and Ve...
The battle for RAG, explore the pros and cons of using KnowledgeGraphs and Ve...
 
Complex plane, Modulus, Argument, Graphical representation of a complex numbe...
Complex plane, Modulus, Argument, Graphical representation of a complex numbe...Complex plane, Modulus, Argument, Graphical representation of a complex numbe...
Complex plane, Modulus, Argument, Graphical representation of a complex numbe...
 
Dairy management system project report..pdf
Dairy management system project report..pdfDairy management system project report..pdf
Dairy management system project report..pdf
 
Intelligent Agents, A discovery on How A Rational Agent Acts
Intelligent Agents, A discovery on How A Rational Agent ActsIntelligent Agents, A discovery on How A Rational Agent Acts
Intelligent Agents, A discovery on How A Rational Agent Acts
 
KIT-601 Lecture Notes-UNIT-5.pdf Frame Works and Visualization
KIT-601 Lecture Notes-UNIT-5.pdf Frame Works and VisualizationKIT-601 Lecture Notes-UNIT-5.pdf Frame Works and Visualization
KIT-601 Lecture Notes-UNIT-5.pdf Frame Works and Visualization
 
Arduino based vehicle speed tracker project
Arduino based vehicle speed tracker projectArduino based vehicle speed tracker project
Arduino based vehicle speed tracker project
 
Paint shop management system project report.pdf
Paint shop management system project report.pdfPaint shop management system project report.pdf
Paint shop management system project report.pdf
 
Artificial Intelligence Bayesian Reasoning
Artificial Intelligence Bayesian ReasoningArtificial Intelligence Bayesian Reasoning
Artificial Intelligence Bayesian Reasoning
 
DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf
DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdfDR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf
DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf
 

Creating aggregated Sensu monitors, or how to monitor a group of monitors

  • 1. Creating aggregated Sensu monitors Or, how to check a group of Sensu checks Maggie Moreno Production Engineer at Tubular Labs maggie@tubularlabs.com August 15, 2017
  • 2. What is an aggregated Sensu monitor? And why do I care?
  • 3.
  • 4. How to create aggregated Sensu checks 1. Create queriable logging and metrics store 2. Send Sensu check logs and outputs to the central logging/metrics store 3. Create a tool let a Sensu check alert on a query against those logs 4. Party because now you have all the tools to create an uptime monitor!
  • 5. 1. Create queriable logging and metrics store 2. Send Sensu check logs and outputs to the central logging/metrics store 3. Create a tool let a Sensu check alert on a query against those logs 4. Party because now you have all the tools to create an uptime monitor! How to create aggregated Sensu checks
  • 6. /usr/local/bin/senseuss monitor_aggregation --index-prefix 'logstash*' --timeframe 'now-5m' --monitors '[ {"name": "app_response_time", "weight": 1}, {"name": "app_api_success_rate", "weight": 1} ]' --critical-value 75 --warning-value 90 --alert-message 'Overall App Upness Score dropped below threshold' --message-expression '"Current Overall App Upness Score at {:.2f}%".format(result["weighted_avg"])' Senseuss
  • 7. 1. Central log/metrics store: Elastic Stack At Tubular, we make heavy use of Elasticsearch, so we have a lot of expertise in that database and related technologies.
  • 8.
  • 9. Once you can query logs from one source, it makes sense to want to send your Sensu event logs there as well. With Elastic Stack, that was pretty simple-- we just told Filebeat to collect Sensu event logs and added a Logstash filter to parse them. 2. Send Sensu check logs and outputs to the central log/metrics
  • 10.
  • 11. 3. Sensu check to query and alert on logging events The tool that I created for my team is called senseuss. Senseuss lets the user create Sensu checks that define an arbitrary Elasticsearch query and expressions to alert on the results of that query. Image Source: http://vignette1.wikia.nocookie.net/seuss/images/a/ad/Cat-in-the-hat.gif/revision/latest?cb=20121112031951
  • 12.
  • 13. Why should I care? Sensu checks execute a command and expect a non-arbitrary output Senseuss let's the user • Construct an arbitrary JSON Elasticsearch query from command line arguments • Create expressions to define the way the results of that query should be processed • Add query result into to the alert message for informative check outputs Because our Sensu check output is stored in Elasticsearch with our other logs, we can use this simple tool to query for and alert on any logging event, including the results of other Sensu checks Senseuss
  • 14. /usr/local/bin/senseuss time_diff --index-prefix 'elasticbeat' --query '_exists_:cluster_stats.Indices.Docs.count AND cluster_stats.cluster_name:falcon' --metric 'cluster_stats.Indices.Docs.count' --aggregation-type 'max' --timeframe 'now-5m' --critical-expression 'result["latest"]["value"] - result["previous"]["value"] <= 0' --warning-expression 'result["latest"]["value"] - result["previous"]["value"] < 10**6' --alert-message 'Document count on ES metrics cluster falcon has fallen below normal levels' --message-expression '"New doc count at {:.4G}".format(result["latest"]["value"] - result["previous"]["value"])' Senseuss
  • 15. /usr/local/bin/senseuss monitor_aggregation --index-prefix 'logstash*' --timeframe 'now-5m' --monitors '[ {"name": "app_response_time", "weight": 1}, {"name": "app_api_success_rate", "weight": 1} ]' --critical-value 75 --warning-value 90 --alert-message 'Overall App Upness Score dropped below threshold' --message-expression '"Current Overall App Upness Score at {:.2f}%".format(result["weighted_avg"])' Senseuss
  • 16. { "query": { "bool": { "filter": { "range": { "@timestamp": { "gte": "now-5m" } } }, "must": { "query_string": { "query": "payload.check.name.raw:(app_api_response_time OR app_api_success_rate)", "analyze_wildcard": true } } } }, "aggs": { "term_agg": { "terms": { "field": "payload.check.name.raw", "size": 2 }, "aggs": { "value_avg": { "avg": { "field": "payload.check.status" } } } } }, "size": 0 }
  • 17. Recap: How to monitor your monitors 1. Create queriable logging and metrics store • E.g., Elastic stack 2. Send Sensu check logs and outputs to the central logging/metrics store • We used filebeat 3. Create a tool let a Sensu check alert on a query against those logs • Senseuss! 4. Party because now you have all the tools to create an uptime monitor!
  • 18. Thank you! Maggie Moreno maggie@tubularlabs.com August 15, 2017 Image Source: https://vignette3.wikia.nocookie.net/seuss/images/3/3a/Cat_in_hat_character1.png/revision/latest?cb=20140301070354
  • 20. falcon_new_doc_count_is_low: sensu.manage_senseuss_check: - senseuss: - check_type: time_diff - index_prefix: elasticbeat - query: '_exists_:cluster_stats.Indices.Docs.count AND cluster_stats.cluster_name:falcon' - metric: cluster_stats.Indices.Docs.count - aggregation_type: max - timeframe: now-5m - critical_expression: 'result["latest"]["value"] - result["previous"]["value"] <= 0' - warning_expression: 'result["latest"]["value"] - result["previous"]["value"] < 10**6' - alert_message: 'Document count on ES metrics cluster falcon has fallen below normal levels' - message_expression: '"New doc count at {:.4G}".format(result["latest"]["value"] - result["previous"]["value"])' - handlers: ["high_priority"] - interval: 300 - occurrences: 3 - playbook: "https://tubularlabs.atlassian.net/wiki/display/EN/ELK+Stack+Playbook#ELKStackPlaybook-Logs tashisn'tshippingeventstoElasticSearech"
  • 21. { "query": { "bool": { "filter": { "range": { "@timestamp": { "gte": "now-10m" } } }, "must": { "query_string": { "query": "_exists_:cluster_stats.Indices.Docs.count AND cluster_stats.cluster_name:falcon", "analyze_wildcard": true } } } }, "aggs": { "time_diff": { "aggs": { "metric_agg": { "max": { "field": "cluster_stats.Indices.Docs.count" } } }, "filters": { "filters": { "latest": { "range": { "@timestamp": { "gte": "now-5m", "lte": "now" } } }, "previous": { "range": { "@timestamp": { "gte": "now-10m", "lte": "now-5m" } } } } } } }, "size": 0 }
  • 22. ngfront_sla_overall_upness_score: sensu.manage_senseuss_check: - senseuss: - check_type: monitor_aggregation - index_prefix: "logstash*" - monitors: | [ {"name": "app_api_response_time", "weight": 1}, {"name": "app_api_success_rate", "weight": 1} ] - timeframe: "now-5m" - warning_value: 90 - critical_value: 75 - alert_message: 'Overall App Upness Score dropped below threshold' - message_expression: '"Current Overall App Upness Score at {:.2f}%".format(result["weighted_avg"])' - handlers: ["medium_priority", "app_team"] - interval: 300 - occurrences: 1 - playbook: https://tubularlabs.atlassian.net/wiki/display/EN/NGFront+Playbook
  • 23. { "query": { "bool": { "filter": { "range": { "@timestamp": { "gte": "now-5m" } } }, "must": { "query_string": { "query": "payload.check.name.raw:(app_api_response_time OR app_api_success_rate)", "analyze_wildcard": true } } } }, "aggs": { "term_agg": { "terms": { "field": "payload.check.name.raw", "size": 2 }, "aggs": { "value_avg": { "avg": { "field": "payload.check.status" } } } } }, "size": 0 }