Sumo Logic App for MongoDB
MongoDB is a source-available cross-platform document-oriented database program. The Sumo Logic app for MongoDB supports logs and metrics from the open source version of MongoDB. The App is tested on the 4.4.4 version of MongoDB.
Log Types
The MongoDB logs are generated in files as configured in the configuration file /var/log/mongodb/mongodb.log
. For more details on MongoDB logs, see this link.
The Sumo Logic App for MongoDB supports metrics generated by the MongoDB plugin for Telegraf. The app assumes prometheus format Metrics.
Sample Log Message
{
"t":{
"$date":"2021-05-21T10:22:57.373+00:00"
},
"s":"I",
"c":"NETWORK",
"id":51800,
"ctx":"conn500659",
"msg":"client metadata",
"attr":{
"remote":"127.0.0.1:49472",
"client":"conn500659",
"doc":{
"application":{
"name":"MongoDB Shell"
},
"driver":{
"name":"MongoDB Internal Client",
"version":"4.4.4"
},
"os":{
"type":"Linux",
"name":"PRETTY_NAME=\"Debian GNU/Linux 10 (buster)\"",
"architecture":"x86_64",
"version":"Kernel 4.4.0-62-generic"
}
}
}
}
Sample Query
environment=* db_cluster=* db_system=mongodb | json "log" as _rawlog nodrop
| if (isEmpty(_rawlog), _raw, _rawlog) as _raw
| json field=_raw "t.$date" as timestamp
| json field=_raw "s" as severity
| json field=_raw "c" as component
| json field=_raw "ctx" as context
| json field=_raw "msg" as msg
| where severity in ("E")
| count by component
Collecting Logs and Metrics for MongoDB
This section provides instructions for configuring log and metric collection for the Sumo Logic App for MongoDB.
Step 1: Configure Fields in Sumo Logic
Create the following Fields in Sumo Logic prior to configuring collection. This ensures that your logs and metrics are tagged with relevant metadata, which is required by the app dashboards. For information on setting up fields, see Sumo Logic Fields.
- Kubernetes environments
- Non-Kubernetes environments
If you're using MongoDB in a Kubernetes environment, create the fields:
pod_labels_component
pod_labels_environment
pod_labels_db_system
pod_labels_db_cluster
If you're using MongoDB in a non-Kubernetes environment, create the fields:
component
environment
db_system
db_cluster
Step 2: Configure Collection for MongoDB
- Kubernetes environments
- Non-Kubernetes environments
In Kubernetes environments, we use the Telegraf Operator, which is packaged with our Kubernetes collection. You can learn more about it here.The diagram below illustrates how data is collected from MongoDB in a Kubernetes environment. In the architecture shown below, there are four services that make up the metric collection pipeline: Telegraf, Prometheus, Fluentd and FluentBit.
The first service in the pipeline is Telegraf. Telegraf collects metrics from MongoDB. Note that we’re running Telegraf in each pod we want to collect metrics from as a sidecar deployment for example, Telegraf runs in the same pod as the containers it monitors. Telegraf uses the MongoDB input plugin to obtain metrics. (For simplicity, the diagram doesn’t show the input plugins.) The injection of the Telegraf sidecar container is done by the Telegraf Operator. We also have Fluentbit that collects logs written to standard out and forwards them to FluentD, which in turn sends all the logs and metrics data to a Sumo Logic HTTP Source.
It’s assumed that you are using the latest helm chart version. If not, upgrade using the instructions here.
Configure Metrics Collection
This section explains the steps to collect MongoDB metrics from a Kubernetes environment.
- Set up Kubernetes Collection with the Telegraf Operator.
- On your MongoDB Pods, add the following annotations:
annotations:
telegraf.influxdata.com/class: sumologic-prometheus
prometheus.io/scrape: "true"
prometheus.io/port: "9273"
telegraf.influxdata.com/inputs: |+
[[inputs.mongodb]]
servers = ["mongodb://<username-CHANGEME>:<password-CHANGEME>@127.0.0.1:27017"]
gather_perdb_stats = true
gather_col_stats = true
[inputs.mongodb.tags]
environment="ENV_TO_BE_CHANGED"
component="database"
db_system="mongodb"
db_cluster="ENV_TO_BE_CHANGED"
db_cluster_address = "ENV_TO_BE_CHANGED"
db_cluster_port = "ENV_TO_BE_CHANGED"
- Please enter values for the following parameters (marked
ENV_TO_BE_CHANGED
above):telegraf.influxdata.com/inputs
- This contains the required configuration for the Telegraf MongoDB Input plugin. Please refer to this doc for more information on configuring the MongoDB input plugin for Telegraf. Note: As telegraf will be run as a sidecar the host should always be localhost.* In the input plugins section (`[inputs.MongoDB]`):
* `servers` - The URL to the MongoDB server. This can be a comma-separated list to connect to multiple MongoDB servers. Please see [this doc](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/mongodb) for more information on additional parameters for configuring the MongoDB input plugin for Telegraf.
* In the tags section (`[inputs.MongoDB.tags])`:
* `environment` - This is the deployment environment where the MongoDB cluster identified by the value of **servers** resides. For example: dev, prod or qa. While this value is optional we highly recommend setting it.
* `db_cluster` - Enter a name to identify this MongoDB cluster. This cluster name will be shown in the Sumo Logic dashboards.
* `db_cluster_address` - Enter the cluster hostname or ip address that is used by the application to connect to the database. It could also be the load balancer or proxy endpoint.
* `db_cluster_port` - Enter the database port. If not provided, a default port will be used.notedb_cluster_address
anddb_cluster_port
should reflect the exact configuration of DB client configuration in your application, especially if you instrument it with OT tracing. The values of these fields should match exactly the connection string used by the database client (reported as values for net.peer.name and net.peer.port metadata fields).
For example, if your application uses “mongodb-prod.sumologic.com:3306” as the connection string, the field values should be set as follows: db_cluster_address=mongodb-prod.sumologic.com db_cluster_port=3306
If your application connects directly to a given mongodb node, rather than the whole cluster, use the application connection string to override the value of the “host” field in the Telegraf configuration: host=mongodb-prod.sumologic.com
Pivoting to Tracing data from Entity Inspector is possible only for “MongoDB address” Entities. :::
- Here’s an explanation for additional values set by this configuration that we request you do not modify as they will cause the Sumo Logic apps to not function correctly.
telegraf.influxdata.com/class: sumologic-prometheus
- This instructs the Telegraf operator what output to use. This should not be changed.prometheus.io/scrape: "true"
- This ensures our Prometheus will scrape the metrics.prometheus.io/port: "9273"
- This tells prometheus what ports to scrape on. This should not be changed.telegraf.influxdata.com/inputs
- In the tags section (
[inputs.mongodb.tags]
):component: “database”
- This value is used by Sumo Logic apps to identify application components.db_system: “mongodb”
- This value identifies the database system.
- In the tags section (
- See this doc for more parameters that can be configured in the Telegraf agent globally.
- Sumo Logic Kubernetes collection will automatically start collecting metrics from the pods having the labels and annotations defined in the previous step.
- Verify metrics in Sumo Logic.
Configure Logs Collection
This section explains the steps to collect MongoDB logs from a Kubernetes environment.
- Add labels on your MongoDB pods to capture logs from standard output on Kubernetes. Make sure that the logs from MongoDB are sent to stdout. For more details, see this doc.
- Apply following labels to the MongoDB pods:
labels:
environment: "prod"
component: "database"
db_system: "mongodb"
db_cluster: "mongodb_prod_cluster01" - Enter in values for the following parameters:
* `environment`. This is the deployment environment where the MongoDB cluster identified by the value of **servers** resides. For example: dev, prod or qa. While this value is optional we highly recommend setting it.
* `db_cluster`. Enter a name to identify this MongoDB cluster. This cluster name will be shown in the Sumo Logic dashboards.
* `db_cluster_address` - Enter the cluster hostname or ip address that is used by the application to connect to the database. It could also be the load balancer or proxy endpoint.
* `db_cluster_port` - Enter the database port. If not provided, a default port will be used.notedb_cluster_address
anddb_cluster_port
should reflect exact configuration of DB client configuration in your application, especially if you instrument it with OT tracing. The values of these fields should match exactly the connection string used by the database client (reported as values for net.peer.name and net.peer.port metadata fields). - Apply following labels to the MongoDB pods:
For example if your application uses “mongodb-prod.sumologic.com:3306”
as the connection string, the field values should be set as follows: db_cluster_address=mongodb-prod.sumologic.com db_cluster_port=3306
If your application connects directly to a given mongodb node, rather than the whole cluster, use the application connection string to override the value of the “host” field in the Telegraf configuration: host=mongodb-prod.sumologic.com
.
Pivoting to Tracing data from Entity Inspector is possible only for “MongoDB address” Entities. :::
* **Do not modify the following values** as they will cause the Sumo Logic apps to not function correctly.
* `component: “database”`. This value is used by Sumo Logic apps to identify application components.
* `db_system: “mongodb”`. This value identifies the database system.
* See [this doc](/docs/send-data/collect-from-other-data-sources/collect-metrics-telegraf/install-telegraf#Configuring-Telegraf) for more parameters that can be configured in the Telegraf agent globally.
- Collecting MongoDB Logs from a Log File (Optional). Follow the steps below to capture MongoDB logs from a log file on Kubernetes.
- Determine the location of the MongoDB log file on Kubernetes. This can be determined from the MongoDB.conf for your MongoDB cluster along with the mounts on the MongoDB pods.
- Install the Sumo Logic tailing sidecar operator.
- Add the following annotation in addition to the existing annotations.Example:
annotations:
tailing-sidecar: sidecarconfig;<mount>:<path_of_MongoDB_log_file>/<MongoDB_log_file_name>annotations:
tailing-sidecar: sidecarconfig;data:/mongo-prim-data/MongoDB.log - Make sure that the MongoDB pods are running and annotations are applied by using the command:
kubectl describe pod <MongoDB_pod_name>
- Sumo Logic Kubernetes collection will automatically start collecting logs from the pods having the annotations defined above.
- Add an FER to normalize the fields in Kubernetes environments. This step is not needed if one is using application components solution terraform script. Labels created in Kubernetes environments automatically are prefixed with
pod_labels
. To normalize these for our app to work, we need to create a Field Extraction Rule if not already created for Database Application Components. To do so:- Go to Manage Data > Logs > Field Extraction Rules.
- Click the + Add button on the top right of the table.
- The Add Field Extraction Rule form will appear:
- Enter the following options:
- Rule Name. Enter the name as App Observability - Database.
- Applied At. Choose Ingest Time
- Scope. Select Specific Data
- Scope: Enter the following keyword search expression:
pod_labels_environment=* pod_labels_component=database \
pod_labels_db_system=* pod_labels_db_cluster=* - Parse Expression.Enter the following parse expression:
| if (!isEmpty(pod_labels_environment), pod_labels_environment, "") as environment
| pod_labels_component as component
| pod_labels_db_system as db_system
| pod_labels_db_cluster as db_cluster
- Click Save to create the rule.
In non-Kubernetes environments, we use the Telegraf operator for MongoDB metric collection and Sumo Logic Installed Collector for collecting MongoDB logs. The diagram below illustrates the components of the MongoDB collection in a non-Kubernetes environment. Telegraf runs on the same system as MongoDB, and uses the MongoDB input plugin to obtain MongoDB metrics, and the Sumo Logic output plugin to send the metrics to Sumo Logic. Logs from MongoDB on the other hand are sent to either a Sumo Logic Local File source or Syslog source.
This section provides instructions for configuring metrics collection for the Sumo Logic App for MongoDB.
Configure Metrics Collection
- Configure a Hosted Collector. To create a new Sumo Logic hosted collector, perform the steps in the Configure a Hosted Collector section of the Sumo Logic documentation.
- Configure an HTTP Logs and Metrics Source. Create a new HTTP Logs and Metrics Source in the hosted collector created above by following these instructions. . Make note of the HTTP Source URL.
- Install Telegraf. Use the following steps install Telegraf.
- Configure and start Telegraf. As part of collecting metrics data from Telegraf, we will use the MongoDB input plugin to get data from Telegraf and the Sumo Logic output plugin to send data to Sumo Logic. Create or modify telegraf.conf and copy and paste the text below:
[[inputs.mongodb]]
servers = ["mongodb://<username-CHANGEME>:<password-CHANGEME>@127.0.0.1:27017"]
gather_perdb_stats = true
gather_col_stats = true
[inputs.mongodb.tags]
environment="ENV_TO_BE_CHANGED"
component="database"
db_system="mongodb"
db_cluster="ENV_TO_BE_CHANGED"
db_cluster_address = "ENV_TO_BE_CHANGED"
db_cluster_port = "ENV_TO_BE_CHANGED"
[[outputs.sumologic]]
url = "<CHANGEME>" -- HTTP Source URL you created in previous step
data_format = "prometheus" - Enter values for the following parameters (marked ENV_TO_BE_CHANGED above):
* In the input plugins section, `[inputs.mongodb]`:
* `servers` - The URL to the MongoDB server. This can be a comma-separated list to connect to multiple MongoDB servers. Please see [this doc](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/mongodb) for more information on additional parameters for configuring the MongoDB input plugin for Telegraf.
* In the tags section, `[inputs.mongodb.tags]`
* `environment` - This is the deployment environment where the MongoDB cluster identified by the value of **servers** resides. For example: dev, prod or qa. While this value is optional we highly recommend setting it.
* `db_cluster` - Enter a name to identify this MongoDB cluster. This cluster name will be shown in the Sumo Logic dashboards.
* db_cluster_address - Enter the cluster hostname or ip address that is used by the application to connect to the database. It could also be the load balancer or proxy endpoint.
* `db_cluster_port` - Enter the database port. If not provided, a default port will be used.notedb_cluster_address
anddb_cluster_port
should reflect the exact configuration of DB client configuration in your application, especially if you instrument it with OT tracing. The values of these fields should match exactly the connection string used by the database client (reported as values fornet.peer.name
andnet.peer.port
metadata fields). - Configure and start Telegraf. As part of collecting metrics data from Telegraf, we will use the MongoDB input plugin to get data from Telegraf and the Sumo Logic output plugin to send data to Sumo Logic. Create or modify telegraf.conf and copy and paste the text below:
For example, if your application uses “mongodb-prod.sumologic.com:3306”
as the connection string, the field values should be set as follows: db_cluster_address=mongodb-prod.sumologic.com db_cluster_port=3306
If your application connects directly to a given MongoDB node, rather than the whole cluster, use the application connection string to override the value of the “host” field in the Telegraf configuration: host=mongodb-prod.sumologic.com
Pivoting to Tracing data from Entity Inspector is possible only for “MongoDB address” Entities. :::
* In the output plugins section, `[outputs.sumologic]`:
* `url` - This is the HTTP source URL created in step 3. Please see [this doc](/1021/merge/docs/send-data/collect-from-other-data-sources/collect-metrics-telegraf/configure-telegraf-output-plugin) for more information on additional parameters for configuring the Sumo Logic Telegraf output plugin.
* Here’s an explanation for additional values set by this Telegraf configuration that we request you **do not modify** as they will cause the Sumo Logic apps to not function correctly.
* `data_format - “prometheus”` In the output plugins section, `[outputs.sumologic]`, metrics are sent in the Prometheus format to Sumo Logic
* `component: “database”` - In the input plugins section, `[inputs.MongoDB]`, this value is used by Sumo Logic apps to identify application components.
* `gather_perdb_stats: “true”` - When true, collect per database stats.
* `gather_col_stats: “true”` - When true, collect per collection stats.
* See [this doc](https://github.com/influxdata/telegraf/blob/master/etc/telegraf.conf) for more parameters that can be configured in the Telegraf agent globally.
- Once you have finalized your telegraf.conf file, you can start or reload the telegraf service using instructions from the doc.
At this point, MongoDB metrics should start flowing into Sumo Logic.
Configure Logs Collection
This section provides instructions for configuring log collection for MongoDB running on a non-Kubernetes environment for the Sumo Logic App for MongoDB. By default, MongoDB logs are stored in a log file. MongoDB also supports forwarding logs via Syslog.
Sumo Logic supports collecting logs both via Syslog and a local log file. Utilizing Sumo Logic Cloud Syslog will require TCP TLS Port 6514 to be open in your network. Local log files can be collected via Installed collectors. Installed collector will require you to allow outbound traffic to Sumo Logic endpoints for collection to work. For detailed requirements for Installed collectors, see this page.
Based on your infrastructure and networking setup choose one of these methods to collect MongoDB logs and follow the instructions below to set up log collection:
Configure logging in MongoDB. MongoDB supports logging via the following methods: syslog, local text log files and stdout. MongoDB logs have four levels of verbosity. All logging settings are located in MongoDB.conf. To select a level, set
loglevel
to one of:- 0 is the MongoDB's default log verbosity level, to include Informational messages.
- 1 to 5 increases the verbosity level to include Debug messages.
Configure MongoDB to log to a Local file or syslog
Configuring MongoDB logs to go to log files. By default, MongoDB logs are stored in /var/log/mongodb/mongodb.log. The default directory for log files is listed in the MongoDB.conf file. To configure the log output destination to a log file, use one of the following settings, either in the configuration file or command-line:
- Configuration file: The systemLog.destination option for file.
- Command-line:
Logs from the MongoDB log file can be collected via a Sumo Logic Installed collector and a Local File Source as explained in the next section.
Configuring MongoDB logs to stream via syslog. To configure the log output destination to syslog, use one of the following settings, either in the configuration file or command-line:
- Configuration file: the systemLog.destination option for syslog.
- Command-line:
To capture MongoDB logs using syslog, configure a syslog source on an Installed collector as explained in the next section.
Configuring a Collector. To add an Installed collector, perform the steps as defined on the page Configure an Installed Collector.
Configuring a Source. To collect logs directly from your MongoDB machine, use a Local File Source and an Installed Collector.
- To add a Local File Source source for MongoDB, do the following:
1. Add a [Local File Source](/docs/send-data/installed-collectors/sources/local-file-source).
2. Configure the Local File Source fields as follows:
* **Name.** (Required)
* **Description.** (Optional)
* **File Path (Required).** Enter the path to your error.log or access.log. The files are typically located in /var/log/mongodb/mongodb.log. If you're using a customized path, check the MongoDB.conf file for this information.
* **Source Host.** Sumo Logic uses the hostname assigned by the OS unless you enter a different host name
* **Source Category.** Enter any string to tag the output collected from this Source, such as **MongoDB/Logs**. (The Source Category metadata field is a fundamental building block to organize and label Sources. For details see[ Best Practices](/docs/send-data/best-practices).)
* **Fields**. Set the following fields:
* `component = database`
* `db_system = mongodb`
* `db_cluster = <Your_MongoDB_Cluster_Name>`
* `environment = <Environment_Name>`, such as Dev, QA or Prod
* `db_cluster_address` - Enter the cluster hostname or ip address that is used by the application to connect to the database. It could also be the load balancer or proxy endpoint.
* `db_cluster_port` - Enter the database port. If not provided, a default port will be used.notedb_cluster_address
anddb_cluster_port
should reflect the exact configuration of DB client configuration in your application, especially if you instrument it with OT tracing. The values of these fields should match exactly the connection string used by the database client (reported as values for net.peer.name and net.peer.port metadata fields).
- To add a Local File Source source for MongoDB, do the following:
For example, if your application uses “mongodb-prod.sumologic.com:3306” as the connection string, the field values should be set as follows: db_cluster_address=mongodb-prod.sumologic.com db_cluster_port=3306
If your application connects directly to a given MongoDB node, rather than the whole cluster, use the application connection string to override the value of the “host”
field in the Telegraf configuration: host=mongodb-prod.sumologic.com
Pivoting to Tracing data from Entity Inspector is possible only for “MongoDB address” Entities ::: 3. Configure the Advanced section:
* **Enable Timestamp Parsing.** Select Extract timestamp information from log file entries.
* **Time Zone.** Choose the option, **Ignore time zone from log file and instead use**, and then select your MongoDB Server’s time zone.
* **Timestamp Format.** The timestamp format is automatically detected.
* **Encoding** Select UTF-8 (Default).
* **Enable Multiline Processing.** Detect messages spanning multiple lines
* Infer Boundaries - Detect message boundaries automatically
4. Click **Save**.
- To add a Syslog Source source for MongoDB, do the following:
1. Add a [Syslog source](/docs/send-data/installed-collectors/sources/Syslog-Source) in the installed collector configured in the previous step.
2. Configure the Syslog Source fields as follows:
* **Name.** (Required)
* **Description.** (Optional)
* **Protocol**: UDP
* **Port**: 514 (as entered while configuring logging in Step b.)
* **Source Category.** Enter any string to tag the output collected from this Source, such as **MongoDB/Logs**. (The Source Category metadata field is a fundamental building block to organize and label Sources. For details see[ Best Practices](/docs/send-data/best-practices).)
* **Fields. **Set the following fields:
* `component = database`
* `db_system = MongoDB`
* `db_cluster = <Your_MongoDB_Cluster_Name>`
* `environment = <Environment_Name>`, such as Dev, QA or Prod
* `db_cluster_address` - Enter the cluster hostname or ip address that is used by the application to connect to the database. It could also be the load balancer or proxy endpoint.
* `db_cluster_port` - Enter the database port. If not provided, a default port will be used.notedb_cluster_address
anddb_cluster_port
should reflect the exact configuration of DB client configuration in your application, especially if you instrument it with OT tracing. The values of these fields should match exactly the connection string used by the database client (reported as values fornet.peer.name
andnet.peer.port
metadata fields).
For example, if your application uses “mongodb-prod.sumologic.com:3306” as the connection string, the field values should be set as follows: db_cluster_address=mongodb-prod.sumologic.com db_cluster_port=3306
If your application connects directly to a given MongoDB node, rather than the whole cluster, use the application connection string to override the value of the “host” field in the Telegraf configuration: host=mongodb-prod.sumologic.com
Pivoting to Tracing data from Entity Inspector is possible only for “MongoDB address” Entities. ::: 3. Configure the Advanced section:
* **Enable Timestamp Parsing.** Select Extract timestamp information from log file entries.
* **Time Zone.** Choose the option, **Ignore time zone from log file and instead use**, and then select your MongoDB Server’s time zone.
* **Timestamp Format.** The timestamp format is automatically detected.
* **Encoding.** Select UTF-8 (Default).
4. Click **Save**.
At this point, MongoDB logs should start flowing into Sumo Logic.
Installing MongoDB Monitors
The next few sections have instructions for installing Sumo Logic Monitors for MongoDB, the app, and descriptions of each of the app dashboards. These instructions assume you have already set up collection as described in the Collect Logs and Metrics for MongoDB App page.
Sumo Logic has provided pre-packaged alerts available through Sumo Logic monitors to help you proactively determine if a MongoDB cluster is available and performing as expected. These monitors are based on metric and log data and include pre-set thresholds that reflect industry best practices and recommendations. For more information about individual alerts, see MongoDB Alerts.
To install these monitors, you must have the Manage Monitors role capability.
You can install monitors by importing a JSON file or using a Terraform script.
There are limits to how many alerts can be enabled. For more information, see Monitors for details.
Method A: Importing a JSON file
- Download the JSON file that describes the monitors.
- Replace
$$mongodb_data_source
with a custom source filter. To configure alerts for a specific database cluster, use a filter likedb_system=mongodb
ordb_cluster=dev-mongodb
. To configure the alerts for all of your clusters, set$$mongodb_data_source
to blank (""
). - Go to Manage Data > Alerts > Monitors.
- Click Add.
- Click Import.
- On the Import Content popup, enter
MongoDB
in the Name field, paste in the JSON into the the popup, and click Import. - The monitors are created in a "MongoDB" folder. The monitors are disabled by default. See the Monitors topic for information about enabling monitors and configuring notifications or connections.
Method B: Using a Terraform script
Generate a Sumo Logic access key and ID for a user that has the Manage Monitors role capability. For instructions see Access Keys.
Download Terraform 0.13 or later, and install it.
Download the Sumo Logic Terraform package for MongoDB monitors. The alerts package is available in the Sumo Logic github repository. You can either download it using the
git clone
command or as a zip file.Alert Configuration. After extracting the package , navigate to the
terraform-sumologic-sumo-logic-monitor/monitor_packages/MongoDB/
directory. Edit theMongoDB.auto.tfvars
file and add the Sumo Logic Access Key and Access ID from Step 1 and your Sumo Logic deployment. If you're not sure of your deployment, see Sumo Logic Endpoints and Firewall Security.access_id = "<SUMOLOGIC ACCESS ID>"
access_key = "<SUMOLOGIC ACCESS KEY>"
environment = "<SUMOLOGIC DEPLOYMENT>"The Terraform script installs the alerts without any scope filters, if you would like to restrict the alerts to specific clusters or environments, update the
mongodb_data_source
variable. For example:- To configure alerts for A specific cluster set
mongodb_data_source
to something likedb_cluster = mongodb.prod.01
- To configure alerts for All clusters in an environment set
mongodb_data_source
to something likeenvironment = prod
- To configure alerts for Multiple clusters using a wildcard set
mongodb_data_source
to something likedb_cluster = mongodb-prod*
- To configure alerts for A specific cluster within a specific environment, set
mongodb_data_source
to something likedb_cluster = mongodb-1
andenvironment = prod
. This assumes you have configured and applied Fields as described in Step 1: Configure Sumo Logic Fields.
All monitors are disabled by default on installation. To enable all of the monitors, set the
monitors_disabled
parameter tofalse
. By default, the monitors will be located in a "MongoDB" folder on the Monitors page. To change the name of the folder, update the monitor folder name in thefolder
variable in theMongoDB.auto.tfvars
file.- To configure alerts for A specific cluster set
If you want the alerts to send email or connection notifications, edit the
MongoDB_notifications.auto.tfvars
file to populate theconnection_notifications
andemail_notifications
sections. Examples are provided below. In the variable definition below, replace<CONNECTION_ID>
with the connection ID of the Webhook connection. You can obtain the Webhook connection ID by calling the Monitors API.
connection_notifications = [
{
connection_type = "PagerDuty",
connection_id = "<CONNECTION_ID>",
payload_override = "{\"service_key\": \"your_pagerduty_api_integration_key\",\"event_type\": \"trigger\",\"description\": \"Alert: Triggered {{TriggerType}} for Monitor {{Name}}\",\"client\": \"Sumo Logic\",\"client_url\": \"{{QueryUrl}}\"}",
run_for_trigger_types = ["Critical", "ResolvedCritical"]
},
{
connection_type = "Webhook",
connection_id = "<CONNECTION_ID>",
payload_override = "",
run_for_trigger_types = ["Critical", "ResolvedCritical"]
}
]
For information about overriding the payload for different connection types, see Set Up Webhook Connections.
email_notifications = [
{
connection_type = "Email",
recipients = ["abc@example.com"],
subject = "Monitor Alert: {{TriggerType}} on {{Name}}",
time_zone = "PST",
message_body = "Triggered {{TriggerType}} Alert on {{Name}}: {{QueryURL}}",
run_for_trigger_types = ["Critical", "ResolvedCritical"]
}
]
- Install Monitors
- Navigate to the
terraform-sumologic-sumo-logic-monitor/monitor_packages/MongoDB/
directory and runterraform init
. This will initialize Terraform and download the required components. - Run
terraform plan
to view the monitors that Terraform will create or modify. - Run
terraform apply
.
- Navigate to the
Installing the MongoDB App
Now that you have set up collection for MongoDB, install the Sumo Logic App for MongoDB to use the preconfigured searches and dashboards to analyze your data.
Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.
- From the App Catalog, search for and select the app.
- Select the service version you're using and click Add to Library. Version selection applies only to a few apps currently. For more information, see the Install the Apps from the Library.
- To install the app, complete the following fields.
- App Name. You can retain the existing name or enter the app's name of your choice.
- Advanced. Select the Location in the Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
- Click Add to Library.
Once an app is installed, it will appear in your Personal folder or another folder that you specified. From here, you can share it with your organization.
Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps.
Viewing MongoDB Dashboards
If no events have occurred within the time range of the Panel, the Panel will be empty.
Overview
The MongoDB - Overview dashboard provides an at-a-glance view of MongoDB health, performance and problems causing errors.
Use this dashboard to:
- Identify Slow Queries impacting the performance.
- Gain insights into Replication and Sharding operations.
- Verify Page Faults generated to determine the root cause of the problems.
Resource
The MongoDB - Resource dashboard shows resource utilization by the MongoDB component.
Use this dashboard to:
- Determine Memory and Disk Usage.
- Identify potential resource constraints and issues.
Errors and Warnings
The MongoDB - Errors and Warnings dashboard shows errors and warnings by the MongoDB component.
Use this dashboard to:
- Determine components producing multiple errors or warnings.
Logins and Connections
The MongoDB - Logins and Connections dashboard shows geo location of client connection requests, failed connection logins by geo location, and count of failed login attempts.
Use this dashboard to:
- Determine potential hacking attempts.
- Determine location of attacks.
Query Logs
The MongoDB - Queries dashboard shows read and write query trends.
Use this dashboard to:
- Monitor abnormal spikes in Query volume
- Identify the read versus write ratio of your application queries. ing or adjusting indexes to improve query performance.
Replication Logs
The MongoDB - Replication dashboard shows replica deletes/updates/inserts trend and replica state.
Use this dashboard to:
- Monitor replication state and replication events like inserts/updates/commands per second.
- Track Replication Oplog window to identify replication delay
Sharding
The MongoDB - Sharding dashboard dashboard shows sharding related errors, events, failures and number of chunks moving between shards.
Use this dashboard to:
- Identify Sharding errors and warnings.
- Gain insights into Chunk operations.
MongoDB Alerts
Sumo Logic provides out-of-the-box alerts available via Sumo Logic monitors. These alerts are built based on logs and metrics datasets and have preset thresholds based on industry best practices and recommendations.
Name | Description | Trigger Type | Alert Conditions | Recover Conditions |
---|---|---|---|---|
MongoDB - Too Many Cursors Timeouts | This alert fires when we detect that there are too many cursors (100) timing out on a MongoDB server within a 5 minute time interval. | Warning | >= 100 | < 100 |
MongoDB - Too Many Cursors Open | This alert fires when we detect that there are too many cursors (>10K) opened by MongoDB. | Warning | >= 10000 | < 10000 |
MongoDB - Missing Primary | This alert fires when we detect that a MongoDB cluster has no node marked as primary. | Critical | <= 0 | > 0 |
MongoDB - Instance Down | This alert fires when we detect that the MongoDB instance is down. | Missing Data | -- | -- |
MongoDB - Replication Lag | This alert fires when we detect that the replica lag for a given MongoDB cluster is greater than 60 seconds. Please review the replication configuration. | Warning | > 60 | <= 60 |
MongoDB - Replication Heartbeat Error | This alert fires when we detect that the MongoDB Replication Heartbeat request has errors, which indicates replication is not working as expected. | Warning | > 0 | <= 0 |
MongoDB - Too Many Connections | This alert fires when we detect a given MongoDB server has too many connections (over 80% of capacity). | Warning | >= 80 | < 80 |
MongoDB - Secondary Node Replication Failure | This alert fires when we detect that a MongoDB secondary node is out of sync for replication. | Warning | > 0 | <= 0 |
MongoDB - Slow Queries | This alert fires when we detect that a MongoDB cluster is executing slow queries. | Warning | > 0 | <= 0 |
MongoDB - Sharding Warning | This alert fires when we detect warnings in MongoDB sharding operations. | Warning | > 0 | <= 0 |
MongoDB - Sharding Chunk Split Failure | This alert fires when we detect that a MongoDB chunk not been split during sharding. | Warning | > 0 | <= 0 |
MongoDB - Sharding Error | This alert fires when we detect errors in MongoDB sharding operations. | Critical | > 0 | <= 0 |
MongoDB - Replication Error | This alert fires when we detect errors in MongoDB replication operations. | Warning | > 0 | <= 0 |
MongoDB - Sharding Balancer Failure | This alert fires when we detect that data balancing failed on a MongoDB Cluster with 1 mongos instance and 3 mongod instances. | Warning | > 0 | <= 0 |