Create Metric Rules
This page has step-by-step instructions for creating a metric rule using the metric rules editor in the Sumo UI.
The purpose of metric rules is to make it easier to query metrics. You can use metric rules to tag metrics with data derived from the metric identifier. Then, you can use those tags in metric queries, alerts, and dashboard filters.
For a detailed discussion of metric rules, see About Metric Rules.
Create a Metric Rule
To create a metric rule:
In the Sumo web app, go to Manage Data > Metrics > Metric Rules.
The Metric Rules page lists the metric rules that have already been defined.
To add a new rule, click the plus sign (+) in the upper left of the Metric Rules page.
The Add Metric Rule popup appears.
In the Rule name field, enter a name for the new rule.
In the Metric match expression field, enter one or more expressions that match the identifier of the metrics you want to tag. For example, this match expression:
collectd.*.*.*.*matches Graphite strings in the
_rawNamefield that begin with “collectd”, followed by four dot-separated segments. For example:collectd.cqsplitter.stag-cqsplitter-2.GenericJMX-health_jmx-memory.memory-heapmaxAnd this match expression:
_sourceCategory=training/shipping/metrics type=paymentmatches all metrics whose
_sourceCategoryfield is "training/shipping/metrics" and type field is “payment”.tip
For greedy matching, use two asterisks. For more information, see the Greedy match expressions.
You can use more than one match expression. For more information, see the Multiple match expressions.
The Time Series section of the page lists metrics that match the expression you entered. If no metrics are listed, edit your match expression until matching metrics appear.
In the Define variables section of the page, for each tag you want to apply to matching metrics, enter a meaningful tag name in the Variable name field on the left. In the Tag sequence field, assign a variable to the tag. There are two different formats for specifying the Tag Sequence.
- To pull a tag from a dot-delimited string in the metric's
_rawNamefield, use$_1to extract the first segment of the string,$_2to extract the second segment of the string, and so on. For more information, see Extracting variables from a dot-delimited match expression. - To pull a tag from a dot-delimited string in metric field other than
_rawNamefield, use$FieldName._1to extract the first segment of the string,$FieldName._2to extract the second segment of the string, and so on. For more information, see Extracting variables from a key-value pair match expression,.
- To pull a tag from a dot-delimited string in the metric's
Select a metric in the Time Series section to see the values that would be assigned to each extracted tag for the selected metric:
The entries below show what values would be assigned to the selected metric given the specified Tag Sequences.
Click Save to save your rule. The tags will be applied to incoming metrics. Sumo Logic will not re-index your historical data.
Metric Rules editor error messages
This section describes error messages that can be issued by the Metric Rules Editor.
| Error Message | Description |
|---|---|
| Rule name already exists. | This message appears if you try to assign a name that is already assigned to a an existing rule to a different rule. To resolve this error, enter a different rule name. |
| Rule already exists. | This message appears if you try to create a rule that has the same match expression and variable assignment(s) as an existing rule. |
| $field was needed but not extracted. (Where $field is a variable that has not been extracted.) | This message appears if you refer to a variable that you have not extracted. |
| Rules specification field $field starts with underscore. (Where $field is a variable.) | This message appears if the field name starts with underscore. |
| Duplicated extraction field. | This message appears if you assign multiple values to the same field. |
| Unable to parse rule; [4.8] failure: 'extract:' expected but ':' found. | This message appears if you specify an invalid match expression. |