Calculating the events per second (EPS) - Page 1

#1 chrisc 8 years ago

I am trying to figure out how many events are coming in per hour on a given a input module named win.

I have searched around and haven't found any definitive solution. Most of what I have seen implements the create_stat function. But from there, I am lost. Here is my current config for the input, output, and route. How would I implement this feature into what I currently have?

My end goal is to calculate EPS and write it out to log_info every hour with a message saying something like: EPS calulcated: 3,019


<Input win>

    module          im_tcp

        host            0.0.0.0

        port            524

        Exec            parse_syslog();

        Exec            log_info("Severity Windows Collector: " + $SyslogSeverity + ", Hostname: " + $Hostname);

</Input>
<Output winout>

        Module          om_file

        CreateDir    true

        File            '%WINLOG%'
        <Schedule>

                Every           60 sec

                Exec            if (file_size('%WINLOG%') >= 2G) \

                                { \

                                       file_cycle('%WINLOG%', 500); \

                                        winout->reopen(); \

                                }
        </Schedule>

</Output>
<Route 5>

    Path            win => winout, Grid

</Route>

Permalink

#2 adm Nxlog ✓ 8 years ago

#1 chrisc

I am trying to figure out how many events are coming in per hour on a given a input module named win. I have searched around and haven't found any definitive solution. Most of what I have seen implements the create_stat function. But from there, I am lost. Here is my current config for the input, output, and route. How would I implement this feature into what I currently have? My end goal is to calculate EPS and write it out to log_info every hour with a message saying something like: EPS calulcated: 3,019 <Input win> module im_tcp host 0.0.0.0 port 524 Exec parse_syslog(); Exec log_info("Severity Windows Collector: " + $SyslogSeverity + ", Hostname: " + $Hostname); </Input> <Output winout> Module om_file CreateDir true File '%WINLOG%' <Schedule> Every 60 sec Exec if (file_size('%WINLOG%') >= 2G) \ { \ file_cycle('%WINLOG%', 500); \ winout->reopen(); \ } </Schedule> </Output> <Route 5> Path win => winout, Grid </Route>

To print EPS you would need something like this:

<Input in_tcp>
    Module      im_tcp
    Host        0.0.0.0
    Port        1415
    Exec        create_stat("stat", "RATE", 1); add_stat("stat", 1);

    <Schedule>
        Every   1 sec
        Exec    log_info("EPS: " + get_stat("stat"));
    </Schedule>
</Input>

You will need to adjust the numbers if you want it printed every hour.