Some log sources, such as firewalls and network appliances, generate a large volume of log events that contain data that don’t necessarily need to be stored. Often, you just want to see a summary of the logs and compare it to historical data. Use the Generate Metrics template to generate a count metric of logs that match a query or a distribution metric of a numeric value contained in the logs, such as a request duration. The template starts you off with the following processors:
Filter: Add a query to send only a subset of logs based on your conditions.
Grok Parser: Parse your logs using grok parsing rules that are available for a set of sources or add custom parsing rules.
Generate metrics: Generate metrics for your logs or a subset of them. See Metrics types for the types of metrics you can generate.
Metrics types
You can generate these types of metrics for your logs. See the Metrics Types and Distributions documentation for more details.
Metric type
Description
Example
COUNT
Represents the total number of event occurrences in one time interval. This value can be reset to zero, but cannot be decreased.
You want to count the number of logs with status:error.
GAUGE
Represents a snapshot of events in one time interval.
You want to measure the latest CPU utilization per host for all logs in the production environment.
DISTRIBUTION
Represent the global statistical distribution of a set of values calculated across your entire distributed infrastructure in one time interval.
You want to measure the average time it takes for an API call to be made.
