How to display full or short process name in LM

  • 14 November 2022
  • 17 replies
  • 12 views

Hi Team,

I am trying to set up process monitoring using one of the data sources which monitors processes.
Can you please help me get an alert with the full process name?
I am not getting the full process name as the instance.



Userlevel 7
Badge +17

Depends on the datasource, but is the full name part of the description? If so, put the ##DSIDESCRIPTION## in the alert body. FYI: here are all the tokens you can put in an alert: https://www.logicmonitor.com/support/logicmodules/about-logicmodules/tokens-available-in-datasource-alert-messages

Thanks Stuart,

I have added the tokens already and am able to monitor the process, but it's only showing the first few strings of the process (not from the description). Is there any way we can pull the last few strings of text of the process name?

The process name text is very long, around 4k. Any Groovy script technique?

Userlevel 7
Badge +17

What's the DS you're using? What does the instance tab look like? Is the data you need not in the description? Is it in the description, but it's cut off? If you're looking for pages of data, you might be looking in the wrong place as large blocks of text should be done using a config source.

Userlevel 6
Badge +11

If the DS is one of the regular SNMP modules, this data would not be available typically (need to enable and define automatic instance properties).  OTOH, process monitoring with the normal SNMP method is nearly useless since they use the process ID as the wildvalue and the process ID sometimes changes for perfectly good reasons. We just ran into this with Puppet_Agent_Process after a bunch of alerts following maintenance reboots.  Ideally, datapoints could include a trigger capability to (for example) cause AD to run (like if a reboot has happened).  Since that is not possible without API integration we just scrapped that module and wrote our own. We still track PID so we can detect flapping, but not as the wildvalue.  There is a module called LinuxNewProcesses- you may want to look at as an example -- if there are fields not stored as auto properties, they could be added and then referenced as tokens.

Userlevel 6
Badge +11

Let me clarify -- the LinuxNewProcesses- module uses manual wildvalues based on the process name, not PID.  But it is buggy garbage (filed a new ticket on that earlier).  Others like the provided process check for puppet use AD for PID wildvalues, which is messed up.

OK, the issue is something like the below:

1. We are monitoring the process by using the DS called LinuxNewProcesses.
2. We have added the wildvalues token at the beginning of the process, which displays the PID at the beginning of the process name. For example: 12345-processsssssss_tool_java.conf

Issue we are facing: as the process name is very long, it is not grabbing the full name from 12345 to conf. It's only displaying something like 12345-proce.

What do we have to do to get the full name, or a specific portion of the process name, displayed as the instance name?

Userlevel 6
Badge +11

LinuxNewProcesses does not require the PID in the wildvalue, at least I see nowhere in the code it would be used as an input parameter (nor should that ever be needed -- that would be super fragile).  It requires (in the current buggy version) the full process path AND the process arguments (the latter is the bug -- code should hopefully be fixed in the repo soon as I did receive confirmation from support they were able to see the problem). If you want to fix it locally in the meantime, the impacted code is in the run() method (changes highlighted with >>> prefixes).

    static run(String hostname, String processName, out)
    {
        def startTime = new Date().getTime()
        def processArg = processName.tokenize("||")
>>>     def processParam;
        def processPath = processArg[0]

        if(processArg.size() == 2) {
            processParam = processArg[1]
        }

        // Get all of the data at the same time to minimize
        def processPaths = Snmp.walkAsMap(hostname, OID_NAME, null, 20000)
        def processParams = Snmp.walkAsMap(hostname, OID_PARAM, null, 20000)

        List<String> cpuValues
        List<String> memValues
        List<String> statusValues

        List<String> pids = [];

        processPaths.each {
            pid, name ->
>>>             if((name == processPath) && (processParam == null || processParams[pid] == processParam)) {
                    pids << pid
                }
        }
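
The optional-argument match described in the post above, as an added stand-alone example (not part of the original post and not the module's own code). The SNMP walk results are replaced by constructed maps, `matchPids` is a hypothetical helper, and the wildvalue is split on the literal `||` instead of with `tokenize`, which treats every single `|` as a delimiter.

```groovy
// Added example with constructed data; matchPids is a hypothetical helper.
// Assumed wildvalue format (from the post): "<path>" or "<path>||<arguments>".
List<String> matchPids(String wildvalue, Map<String, String> paths, Map<String, String> params) {
    // Split on the literal "||" at most once, so a '|' inside the arguments survives.
    String[] parts = wildvalue.split(/\|\|/, 2)
    String wantPath = parts[0]
    String wantParam = (parts.length == 2 && parts[1]) ? parts[1] : null
    // The PID is only the join key between the two walks, never part of the wildvalue.
    paths.findAll { pid, path ->
        path == wantPath && (wantParam == null || params[pid] == wantParam)
    }.keySet().toList()
}

// Constructed stand-ins for the two SNMP walks (PID -> path, PID -> arguments).
def paths  = ['2101': '/usr/bin/java', '2102': '/usr/bin/java', '2250': '/usr/sbin/sshd']
def params = ['2101': '-jar /opt/tool/app.jar',
              '2102': '-jar /opt/tool/batch.jar --match error|warn',
              '2250': '-D']

// Path only: arguments are optional, so every process with that path matches.
assert matchPids('/usr/bin/java', paths, params) == ['2101', '2102']
// Path plus arguments narrows the match to one process.
assert matchPids('/usr/bin/java||-jar /opt/tool/app.jar', paths, params) == ['2101']
// Arguments that contain a single '|' still match as a whole.
assert matchPids('/usr/bin/java||-jar /opt/tool/batch.jar --match error|warn', paths, params) == ['2102']
// A path that is not running yields no PIDs, which is the "process down" case.
assert matchPids('/usr/bin/python3', paths, params) == []

// Same host after a restart: new PIDs, same wildvalue, same instance.
def pathsAfter  = ['977': '/usr/bin/java', '978': '/usr/bin/java']
def paramsAfter = ['977': '-jar /opt/tool/app.jar',
                   '978': '-jar /opt/tool/batch.jar --match error|warn']
assert matchPids('/usr/bin/java||-jar /opt/tool/app.jar', pathsAfter, paramsAfter) == ['977']

println 'all matches behaved as expected'
```

Because the instance is keyed on path and arguments, a PID change after a reboot does not orphan the instance; the PID can still be recorded as a datapoint to detect flapping.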

 

Userlevel 6
Badge +11
On 11/16/2022 at 6:07 AM, mnagel said:

LinuxNewProcesses does not require the PID in the wildvalue, at least I see nowhere in the code it would be used as an input parameter (nor should that ever be needed -- that would be super fragile).  It requires (in the current buggy version) the full process path AND the process arguments (the latter is the bug -- code should hopefully be fixed in the repo soon as I did receive confirmation from support they were able to see the problem). If you want to fix it locally in the meantime, the impacted code is in the run() method (changes highlighted with >>> prefixes).

    static run(String hostname, String processName, out)
    {
        def startTime = new Date().getTime()
        def processArg = processName.tokenize("||")
>>>     def processParam;
        def processPath = processArg[0]

        if(processArg.size() == 2) {
            processParam = processArg[1]
        }

        // Get all of the data at the same time to minimize
        def processPaths = Snmp.walkAsMap(hostname, OID_NAME, null, 20000)
        def processParams = Snmp.walkAsMap(hostname, OID_PARAM, null, 20000)

        List<String> cpuValues
        List<String> memValues
        List<String> statusValues

        List<String> pids = [];

        processPaths.each {
            pid, name ->
>>>             if((name == processPath) && (processParam == null || processParams[pid] == processParam)) {
                    pids << pid
                }
        }

 

I was saddened to find that the developers rejected this fix to allow for optional argument matching, claiming it represents a desire on my part for "a wide reaching application monitoring solution".  I feel like they have perhaps hit their collective heads, but I have no option but to never import that module again.  And before anyone says "CSM" -- been there, no help (no response actually).

Userlevel 7
Badge +17
On 11/23/2022 at 6:15 PM, mnagel said:

claiming it represents a desire on my part for "a wide reaching application monitoring solution"

Found out my portal doesn't have OpenMetrics enabled for a similar reason: we didn't get any licenses for the apm feature and "OpenMetrics would only ever be used by a developer". SMH. Can anyone spell "IoT"? Don't get me started on ARM.

Userlevel 6
Badge +11
2 minutes ago, Stuart Weenig said:

Found out my portal doesn't have OpenMetrics enabled for a similar reason: we didn't get any licenses for the apm feature and "OpenMetrics would only ever be used by a developer". SMH. Can anyone spell "IoT"? Don't get me started on ARM.

We just had a demo presented on APM to one of our clients.  It was so poorly received I was informed they are going to be moving entirely from the platform now.  So I have been suitably trained now to not show clients new features :(

Userlevel 7
Badge +17
21 hours ago, mnagel said:

We just had a demo presented on APM to one of our clients

It's a nice dream. Execution is still very immature. LM keeps using the word "platform", but I'm not sure any of the management has gotten an engineer to draw a picture of what the LM "platform" would really look like.

Userlevel 1
Badge +3
On 11/23/2022 at 7:15 PM, mnagel said:

I was saddened to find that the developers rejected this fix to allow for optional argument matching, claiming it represents a desire on my part for "a wide reaching application monitoring solution".  I feel like they have perhaps hit their collective heads, but I have no option but to never import that module again.  And before anyone says "CSM" -- been there, no help (no response actually).

I have two DataSources I've attempted to put up on the Exchange that use Regular Expression to pick and choose which processes one monitors -- we've leveraged it to a large degree of success so far, and was the only favorable way I could find to leverage process monitoring via SNMP at scale. Here are the locator codes:

JDCMLM (SNMP version)
9YLFYE (SSH version)

These are presently under Security review (and have been since I uploaded them September 07, 2022), so I don't know if they're actually visible on the Exchange. Maybe @Stuart Weenig can enlighten us as to whether or not they're viewable while in Security Review?

I will say that, as a matter of principle, checking process health by whether it's running or not really isn't appropriate -- it should only be viewed as a stop-gap. Querying the processes directly for their health is 100% the only correct path to take (though not always available). Anyone who argues that this type of monitoring constitutes 'wide-reaching application monitoring solution' really doesn't have an understanding as to what 'application monitoring' actually means, and I, too, would strongly question their motivation for making such an argument. 

Userlevel 7
Badge +17

I'm no longer at LM. I don't have visibility into that anymore. Besides, the only visibility I had was to ping @Michael Rodrigues

Userlevel 7
Badge +17
2 hours ago, Austin Culbertson said:

Anyone who argues that this type of monitoring constitutes 'wide-reaching application monitoring solution' really doesn't have an understanding as to what 'application monitoring' actually means, and I, too, would strongly question their motivation for making such an argument. 

It's a money grab. LM APM is a different license bucket with different costs. They're trying to draw the line between infrastructure monitoring and application monitoring. I'm curious (DM me) about your thoughts because I had thought that individual process monitoring should be done on a deeper level, a la APM. Some of it is LM's origins as a device monitoring system. Multi-instance was probably only thought of for cases of interfaces, drives, etc., not something that can be as ephemeral as processes.

Userlevel 6
Badge +11
2 minutes ago, Stuart Weenig said:

It's a money grab. LM APM is a different license bucket with different costs. They're trying to draw the line between infrastructure monitoring and application monitoring. I'm curious (DM me) about your thoughts because I had thought that individual process monitoring should be done on a deeper level, a la APM. Some of it is LM's origins as a device monitoring system. Multi-instance was probably only thought of for cases of interfaces, drives, etc., not something that can be as ephemeral as processes.

Basic process monitoring is not APM -- it includes liveness, memory usage, CPU usage -- global info about a process, and that should be part of LM core features in a non-buggy way.  APM involves collecting telemetry data, code instrumentation, etc. so you can trace what is happening within the application (e.g, database queries, file access, etc.). Agreed it is a money grab, like LM Logs was the solution to replace the horribly "designed" event source system, but for additional $$, which the venture capitalists insist on.

I just looked at Data Dog again, since that was where my client who ran screaming from LM after the APM demo decided to move and they have a super-granular cloud-like cost model.  Not a fan, but I guess anyone who uses AWS, Azure, etc. is used to it.  I am sure it is far superior, but my brief foray into it a year ago to see if we could move away from LM left me cold as far as network monitoring (at the time anyway).

Userlevel 1
Badge +3
28 minutes ago, Stuart Weenig said:

I'm no longer at LM. I don't have visibility into that anymore. Besides, the only visibility I had was to ping @Michael Rodrigues

Oh, well then! Congratulations upon your career development, then! :) 

 

Userlevel 1
Badge +3
23 minutes ago, mnagel said:

Basic process monitoring is not APM -- it includes liveness, memory usage, CPU usage -- global info about a process, and that should be part of LM core features in a non-buggy way.  APM involves collecting telemetry data, code instrumentation, etc. so you can trace what is happening within the application (e.g, database queries, file access, etc.). Agreed it is a money grab, like LM Logs was the solution to replace the horribly "designed" event source system, but for additional $$, which the venture capitalists insist on.

I just looked at Data Dog again, since that was where my client who ran screaming from LM after the APM demo decided to move and they have a super-granular cloud-like cost model.  Not a fan, but I guess anyone who uses AWS, Azure, etc. is used to it.  I am sure it is far superior, but my brief foray into it a year ago to see if we could move away from LM left me cold as far as network monitoring (at the time anyway).

Agree completely on the process monitoring vs. APM front. I don't see any non-convoluted way to implement this with the base LM platform while making certain it is widely usable by multiple customers, hence us developing our own DataSource to accomplish what we thought was a sensible way to scale process monitoring in LM (but still in a bit of a convoluted way). Insofar as DataDog is concerned, you're absolutely paying a very pretty penny for their services :)

Insofar as LM Logs is concerned, I think there is merit to the solution -- It's not as intelligent as I would have liked it to be on the Anomaly Detection front, but the ability to align logs with their resources and make them queryable is certainly a significant value-add compared to EventSource. I don't feel it's particularly 'cash grabby' of them to charge for a product that especially has novel/net-new features, particularly when compared to other platforms that already charge for such functionality.
