Hi everyone I m trying to push a message to Slack whenever t SigNoz Community #support

Hi everyone! I'm trying to push a message to Slac...

Jason Brewer

01/17/2023, 10:52 AM

Hi everyone! I'm trying to push a message to Slack whenever there are > N log messages of

level

===

error

. My JSON structured log looks like this:

Copy code

{
  "timestamp": 1673948790110000000,
  "id": "2KPcDvuJzmCPDve2CDoFaLib3lM",
  "trace_id": "",
  "span_id": "",
  "trace_flags": 0,
  "severity_text": "",
  "severity_number": 0,
  "body": "⚠️ Auth error: Missing Authorization header",
  "resources_string": {},
  "attributes_string": {
    "env": "dev",
    "level": "error",
    "log_file_path": "/tmp/logs/udx-services-ingress-out.log",
    "service": "ingress"
  },
  "attributes_int": {},
  "attributes_float": {}
}

These docs are a great start but it's not at all obvious to me how I write a query that rips out

attributes_string.level

and

attributes_string.env

I'm just playing around to see what is available in the query and so far (but no so good!) I've got this:

Copy code

select 
toStartOfInterval(fromUnixTimestamp64Nano(timestamp), INTERVAL 35 MINUTE) AS interval
, toFloat64(count()) as value
, attributes_string_key[1]
FROM signoz_logs.distributed_logs  
WHERE timestamp BETWEEN {{.start_timestamp_nano}} AND {{.end_timestamp_nano}}
GROUP BY interval, attributes_string_key;

Which produces this Chart preview (see thread)

nitya-signoz

01/17/2023, 10:54 AM

You will need to convert

env

and

level

to selected fields first, from the UI. This will reduce the load on the database.

Jason Brewer

01/17/2023, 10:54 AM

(chart preview)

Jason Brewer

01/17/2023, 10:56 AM

Is that simply by adding them to this list?

nitya-signoz

01/17/2023, 10:56 AM

Then you will be able to use the columns directly

Copy code

select toStartOfInterval(fromUnixTimestamp64Nano(timestamp), INTERVAL 1 MINUTE) AS interval, quantile(0.9)(bytes) as value from signoz_logs.logs  where timestamp > toUnixTimestamp64Nano(now64() - INTERVAL 30 MINUTE)  group by interval order by interval asc;

Eg:- here I have used the

bytes

which is a selected field.

Jason Brewer

01/17/2023, 10:58 AM

oh wow - so it's literally just as simple as something like this?

Copy code

select 
toStartOfInterval(fromUnixTimestamp64Nano(timestamp), INTERVAL 30 MINUTE) AS interval
, toFloat64(count()) as value
, level 
FROM signoz_logs.distributed_logs  
WHERE timestamp BETWEEN {{.start_timestamp_nano}} AND {{.end_timestamp_nano}} and level = 'error'
GROUP BY interval, level;

Jason Brewer

01/17/2023, 11:01 AM

I'm also a little confused about the difference between

signoz_logs.logs

and

signoz_logs.distributed_logs

. From reading other messages on here it seems like

distributed_logs

operates across a clickhouse cluster? I'm running the entire Signoz stack on a single machine via docker-compose. Presumably, for my set up at least, there should be no difference in the results returned between

signoz_logs.logs

and

signoz_logs.distributed_logs

nitya-signoz

01/17/2023, 11:02 AM

Yeah, please go ahead with

distributed_logs

, it is just a wrapper on top of

logs

for distributed support.

Jason Brewer

01/17/2023, 11:05 AM

I can confirm that this query runs exactly as expected:

Copy code

select 
toStartOfInterval(fromUnixTimestamp64Nano(timestamp), INTERVAL 30 MINUTE) AS interval
, toFloat64(count()) as value  
FROM signoz_logs.distributed_logs 
WHERE timestamp BETWEEN {{.start_timestamp_nano}} AND {{.end_timestamp_nano}} 
and level = 'error' 
and env = 'dev'
and service = 'graphql'
GROUP BY interval;

Thanks so much @nitya-signoz!

11 Views

Open in Slack

Previous Next