LM Logs ingestion alerting

Question

We recently had an issue where a host was spewing tons of logs to LM. We fixed the problem but would now like to setup some kind of alerting that would alert us if this happens again.

I noticed the Module: LogicMonitor_Collector_LMLogs and that its already in use by our Windows Collectors. I see a few promising Normal Data points: lmLogMessagesAddedToQueueRaw (count of syslog messages sent to Ingest API) and lmLogMessagesSentToIngestRaw (count of log source messages sent to ingest) and SyslogMessagesReceivedRaw (Number of syslog messages received by collector). Then there are some Complex Datapoints that look promising. The problem with all of this is while the Module is in use by one or more of our collectors I am not able to see the graphs or raw data from the Module so I can best determine which data point to use and what the threshold should be.

Where can I see the collected data?

systemgeek · Answer

I totally forgot that there are 2 hosts for a collector. When i found the correct host I was able to see the DS.&nbsp; However, all the values returned for both the Normal Datatypes and Complex ones are 0.

Forum Discussion

LM Logs ingestion alerting

Related Content

Okta log ingestion for non AWS customers

Email Ingestion

LM Logs Alert Tokens

Data from logs

Ingesting application logs

Recent Discussions

LM Logs ingestion alerting

Datapoints configuration Discussion

Freqency of Alerts

SQL CERTIFICATE MONITORING

CERTIFICATES - GET ALL CERTIFICATES FROM SERVER