Monitoring tables
The Devo Relay ingest generates monitoring events and they are stored in the following tables of the customer's domain it belongsinside Devo:
syslog.relay.conf: replicates the conf logs of the old relay (<= 1.4.2).
syslog.relay.monitor: shows the health-checker and test logs.
syslog.relay.out: shows the relay logs.
syslog.scoja.main: shows the logs of the core components.
syslog.scoja.source: shows the logs of the core source/input operations.
syslog.scoja.stats: shows sending statistics.
syslog.scoja.target: shows the logs of the core target/output operations.
syslog.scoja.thread: shows the logs for core threads.
...
Shows the configuration logs of the old relay (<= 1.4.2)
Name | Type | Description |
|---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
machine | String |
|
serverdate | String | Event timestamp at the instance of the relay |
message | String | Message describing the current status of the relay and the result (SUCCESS or FAILURE) of the configuration event |
syslog.relay.monitor
Shows the data produced by the Relay health-checks events check and the relay CLI tests events.
Name | Type | Description |
|---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
machine | String |
|
operation | String | Monitoring operation name |
id | String | The operation id shared by all messages belonging to same operation |
relayId | String | The relay Id as it is set up at Web |
message | String | The contents of the message of the operation |
syslog.relay.out
Shows the global/general relay logs.
Name | Type | Description |
|---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
machine | String |
|
level | String | Log level: TRACE, DEBUG, INFO, WARN, ERROR |
operation | String | Type of operation the event belongs to |
id | String | The operation id, so several messages can be grouped in the same operation |
relayId | String | The relay Id as it is set up at Web |
logger | String | Logger name of the relay component the event belongs to |
message | String | The contents of the message |
syslog.scoja.main
Shows the core component logs.
Name | Type | Description |
|---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
collector | String | The relay Id as it is set up at Web |
hostchain | String |
|
level | String | Log level: trace, debug, info, warn, error, fatal |
tag | String | Tag of the event |
message | String | The contents of the message |
syslog.scoja.source
Shows the core source/inputs operations.
Name | Type | Description |
|---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
collector | String | The relay Id as it is set up at Web |
hostchain | String |
|
level | String | Log level: trace, debug, info, warn, error, fatal |
tag | String | Tag of the event: UDP or TCP |
message | String | Message content describing the input/source operation. |
syslog.scoja.stats
Shows the core sending statistics.
Name | Type | Description |
|---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
collector | String | The relay Id as it is set up at Web |
kind | String | Specifies if stats are from data received by sources or sent to a target. |
subkind | String | Protocol used for transmission
|
parameters | String | Connection parameters with specifics details
|
partialCpu | int | CPU time in nanoseconds spent in OS functions. Only valid for |
partialCpuUser | int | CPU time in nanoseconds spent in the application (user mode). Only valid for |
partialPackets | int | Number of packets sent through UDP. Only valid for |
partialBytes | int | Number of bytes processed from source by UDP. Only valid for |
partialEvents | int | TCP and UDP number of events processed of kind and subkind. |
partialEventBytes | int | TCP and UDP number of events bytes processed of kind and subkind. Valid for all but |
partialMinorErrors | int | Number of minor errors |
, incremented value since last stats event | ||
partialMayorErrors | int | Number of major errors |
, incremented value since last stats event | ||
partialDroppedLogs | int | Number of logs dropped, incremented value since last stats event. These are not the events filtered by rules, but the events dropped by relay as it could buffer and |
process | ||
partialBufferBytes | int | Buffered bytes, incremented value since last stats event |
totalBufferBytes | int | Buffered bytes, total value |
partialBufferLogs | int | Buffered log events, incremented value since last stats event |
totalBufferLogs | int | Buffered log events, total value |
partialBufferLogsMain | int | Buffered log events on RAM memory, incremented value since last stats event |
totalBufferLogsMain | int | Buffered log events on RAM memory, total value |
partialBufferLogsSecondary | int | Buffered log events and persisted on disk, incremented value since last stats event |
totalBufferLogsSecondary | int | Buffered log events buffered and persisted on disk, total value |
syslog.scoja.target
Shows the core target/output operations. It would include errors related to connection to the collector.
Name | Type | Description |
|---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
collector | String | The relay Id as it is set up at Web |
hostchain | String |
|
level | String | Log level: trace, debug, info, warn, error, fatal |
tag | String | Tag of the event |
message | String | Message content describing actions related to target |
syslog.scoja.thread
Shows the core operations belonging to threading.
Name | Type | Description |
|---|---|---|
eventdate | Timestamp | Ingestion timestamp of the event in Devo |
collector | String | The relay Id as it is set up at Web |
hostchain | String |
|
level | String | Log level: trace, debug, info, warn, error, fatal |
tag | String | Tag of the event |
message | String | The contents of the message describing the threading operation |