To monitor events from apps using App Metrics, select Enable Event Alerting in Tanzu Operations Manager on the App Metrics tile. Go to Settings and select App Metrics Components Config to use the Event Alerting feature. This optional feature contains detailed information about the schema and API for Log Monitor documents.

To upload a Log Monitor Document, see cURLing your Log Monitor Document to App Metrics.

For more information about the schema and API, see Log Monitor Document API specification. It also contains an example log monitor document, named LogMonitorDocumentExample.

cURLing your Log Monitor Document to App Metrics

After you prepare your Log Monitor Document, push it to App Metrics using the cURL command line. The endpoint is the same as for the Monitor Document.

Linux/Mac

curl -vvv https://metrics.sys.DOMAIN/monitor-documents -H "Authorization: $(cf oauth-token)" --data-binary "@[LOG-MONITOR-DOCUMENT.yml]"

Where LOG-MONITOR-DOCUMENT is the name of your Log Monitor Document YAML file.

Windows

  1. Copy your OAuth token to the clipboard: cf oauth-token
  2. Paste your OAuth token into the following command:
curl -vvv https://metrics.sys.DOMAIN/monitor-documents -H "Authorization: [AUTH-TOKEN]" --data-binary "@[LOG-MONITOR-DOCUMENT.yml]"

Where: * AUTH-TOKEN is the OAuth token you copied in the previous step. * LOG-MONITOR-DOCUMENT is the name of your Log Monitor Document YAML file.

You can only push log monitors for apps that run in a space that you have access to.

Log Monitor Document API specification

The /monitors-documents path supports POST and the /monitor-documents/{org,space,app} supports GET monitor document for a specific org,space,app. The DELETE variable is not supported for a single log monitor document.

For more details about the Log Monitor Document API, see the following Open API specification.

To use demos and examples, see the Swagger Editor documentation.

openapi: 3.0.2
info:
  title: App Metrics API for the Log Monitor Documents
  version: '1.0'
paths:
  /monitor-documents:
    post:
      description: POST document
      requestBody:
        description: YAML file containing the Log Monitor Document
        required: true
        content:
          text/yaml;charset=utf-8:
            schema:
              $ref: '#/components/schemas/MonitorDocument'
            examples:
              errorCountExample:
                $ref: '#/components/examples/LogMonitorDocumentExample'
      responses:
        '200':
          description: OK
        '400':
          description: Invalid log monitor document format
        '401':
          description: Invalid Authorization header
        '404':
          description: Product name not found
  '/monitor-documents/{productName}':
    parameters:
      - name: productName
        in: path
        required: true
        description: 'org,space,app name for the application to be monitored'
        schema:
          type: string
    get:
      description: GET monitor document
      responses:
        '200':
          description: fetched document successfully
        '400':
          description: No product name supplied
        '401':
          description: Invalid Authorization header
        '404':
          description: Product name not found
components:
  schemas:
    MonitorDocument:
      type: object
      required:
        - product
        - log_monitors
      properties:
        product:
          type: string
          description: 'org,space,app name for the application to be monitored'
        log_monitors:
          type: array
          items:
            $ref: '#/components/schemas/LogMonitor'
        webhook_url:
          type: string
          description: URL of webhook to receive JSON payload when alerts are triggered
    LogMonitor:
      type: object
      required:
        - name
      properties:
        name:
          type: string
        event:
          description: Is to initiate an alert in case of a matched event for the specific application. Allowed events types are CRASH, SSH, START, STOP, UPDATE
          $ref: '#/components/schemas/Event'
        log:
          description: Is to look at given log pattern in the app logs and fire alert in case of match
          $ref: '#/components/schemas/Log'
    Log:
      type: object
      required:
        - log_pattern
        - message_type
        - source_type
        - only_every
        - duration
      properties:
        log_pattern:
          description: The pattern to look at in the logs
        message_type:
          type: string
          description: The file descriptor the log was written to, any subset of {"OUT","ERR"}
        source_type:
          type: string
          description: The source of the log, any subset of {"API","APP","CELL","HEALTH","LGR","RTR","SSH","STG"}
        only_every:
          type: string
          description: 'Minimum duration between alerts. Alerts trigger only every [this duration].'
        duration:
          type: string
          description: How long the value has to be past the threshold before it starts an alert
    Event:
      type: object
      required:
        - type
        - only_every
        - duration
      properties:
        type:
          type: string
          description: Name of event which can be one of the following types - CRASH, SSH, START, STOP, UPDATE
        only_every:
          type: string
          description: 'Minimum duration between alerts. Alerts start only every [this duration].'
        duration:
          type: string
          description: How long the value has to be past the threshold before it starts an alert. In case of event it is required to set to Om
  examples:
    LogMonitorDocumentExample:
      description: |
        A log monitor for the system, catalyst, app metrics application that sends alerts to
        https://my-slack-webhook.com.

        In the log monitor document's YML file specify `event` and `log` in a meantime or at least one of them.
        In case of the `event` set value of the `duration` to `0m`, and for `only_every` recommended value is "1m"
      value: |
        ---
        product: system,catalyst,appmetrics

        webhook_url: https://my-slack-webhook.com

        log_monitors:
          - name: Event match for CRASH
            event:
              type: CRASH
              duration: 0m
              only_every: 1m
          - name: Log match for appmetrics app
            log:
              log_pattern: Point blocked due to tagK
              message_type:
                - OUT
                - ERR
              source_type:
                - API
                - APP
                - CELL
                - HEALTH
                - LGR
                - RTR
                - SSH
                - STG
              only_every: 2m
              duration: 1m

In case of started alerts, the results are posted in the appropriate Slack channel as mentioned in the YAML file. It might appear similar to the following example output:

[OUT] Event match for CRASH matched with log pattern
    App: system, catalyst, appmetrics
    Indicator: MONIT419582b23da0480a8308451011cf7d4a
    Source type: API
    Since: 2022-07-15T06:21:21.131883281Z
    Log pattern: App instance exited with guid
    Details: metrics.sys.DOMAIN/apps/05beac82-0a99-4735-8680-2c214bc6affc

[OUT,ERR] Log match for appmetrics app matched with log pattern
    App: system,catalyst,appmetrics
    Indicator: MONITa046a50ed2b8425eae4e2732bcdb9689
    Source type: API,APP,CELL,HEALTH,LGR,RTR,SSH,STG
    Since: 2022-07-15T06:22:16.953520572Z
    Log pattern: Point blocked due to tagK
    Details: metrics.sys.DOMAIN/apps/c7d3c907-1b14-4f37-b0ee-413a2e4d57d9
check-circle-line exclamation-circle-line close-line
Scroll to top icon