1

我在 .NET Web API 中有一个控制器操作方法,其中在方法的开头有一个日志语句,它只是记录Started,这意味着执行已经开始。

然后,就在返回响应之前,还有另一个日志语句记录Finished,这意味着执行已完成。

现在,如果两个日志事件之间的时间差超过特定数字(例如 10 秒),我想设置一个 Sumo Logic 通知警报。

基本上,我想要实现的是,如果我的 API 端点发送响应的时间超过特定持续时间,我希望得到通知。

4

3 回答 3

1

I'm not familiar with SumoLogic so don't know if there's a way to have it search the logs for a Started and Ended event with the same id (i.e. something to indicate the Ended found relates to the same query as the Started) then compare the times.

However it looks like it does allow you to fire alerts based on single log entries: https://help.sumologic.com/Dashboards-and-Alerts/Alerts/03-Create-a-Real-Time-Alert

public T MyApiFunction()
{
    T result;
    var id = Guid.NewGuid(); //id used so we can tie up related start and end events if that option's possible
    var startedAt = DateTime.UtcNow;
    logger.Log("Started", id, startedAt);

    //...

    var completedAt = DateTime.UtcNow;
    logger.Log("Completed", id, completedAt);
    var secondsTaken = end.Subtract(start).TotalSeconds;
    if (secondsTaken > AlertThresholdSeconds)
    {
        logger.Error(String.Format("API call time exceeded threshold: {0} seconds", secondsTaken),id);
    }
    return result;
}

I suspect there are better options out there / that SumoLogic offers options which monitor the call externally, rather than requiring additional logic in the API's code to handle this. Sadly I couldn't see any obvious documentation for that though.

于 2018-03-18T18:39:31.570 回答
0

请原谅我的提问,但是是什么阻止了您对其进行编码?您不能仅从结束时间中减去开始时间并根据结果的秒数采取行动吗?

于 2018-03-18T18:07:25.270 回答
0

使用连接运算符可以做到这一点。
实际上,如果您有 2 个搜索(一个用于开始事件,一个用于完成事件),您可以将它们连接在一起,然后从开始时间中减去完成时间以获得增量并从中触发事件。

示例
输入

starting stream from stream-2454 starting stream from stream-7343 starting search search-733434 from parent stream stream-2454 starting search search-854343 from parent stream stream-7343 starting stream from stream-6543 starting search search-455563 from parent stream stream-6543 starting search search-32342 from parent stream stream-7343

代码
* | join (parse "starting stream from *" AS a) AS T1, (parse "starting search * from parent stream *" AS b, c) AS T2 on T1.a = T2.c

结果
a b c stream-2454 search-733434 stream-2454 stream-7343 search-854343 stream-7343 stream-7343 search-32342 stream-7343 stream-6543 search-854343 stream-6543

于 2018-06-01T08:12:28.027 回答