https://community.dynatrace.com/t5/Alerting/Convert-Log-query-to-log-metric-event-for-alerting/m-p/267152#M5371 <P>Hi&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/59572">@rpeng</a>&nbsp;,<BR />As far as I understood your query, you should use summarize to get the count of errors and then split using dimensions.<BR />Below is a sample:<BR /><BR />fetch logs<BR />| filter loglevel == "ERROR"<BR />| summarize count(), by: {dt.entity.host,log.source}<BR /><BR />Later, while setting the alert definition you can set the 1 minute interval to check the count of errors.<BR /><A href="https://docs.dynatrace.com/docs/shortlink/lma-e2e-create-anomaly-detection-metric#create-alert" target="_blank">https://docs.dynatrace.com/docs/shortlink/lma-e2e-create-anomaly-detection-metric#create-alert</A>&nbsp;<BR /><BR /></P> Sat, 11 Jan 2025 01:09:20 GMT RohitBisht 2025-01-11T01:09:20Z https://community.dynatrace.com/t5/Alerting/Convert-Log-query-to-log-metric-event-for-alerting/m-p/267150#M5370 <DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class="">Hello,</DIV><DIV class="">&nbsp;</DIV><DIV class="">&nbsp;</DIV><DIV class=""><P>We need to create a log metric to track the number of errors per minute, and then we can create a metric event that triggers if the number of errors is &gt; some value for more than X minutes in the last X minutes.&nbsp; This should then create a problem card if there are errors and then we can create alerts off of that problem card.</P><P>Query:</P><P><SPAN>fetch logs //, scanLimitGBytes: 500, samplingRatio: 1000<BR />| filter matchesValue(dt.kubernetes.cluster.name, "dynakube-prd-centralus-plum-app-k8s") or matchesValue(dt.kubernetes.cluster.name, "dynakube-prd-eastus2-plum-app-k8s")<BR />| filter matchesValue(k8s.deployment.name, "claims-ai-svc-claims-ai-helm-*")<BR />| filter k8s.container.name == "claims-ai-helm"&nbsp;<BR />| sort timestamp desc<BR />| parse content, "JSON:json"<BR />| filter json[level] == "error"<BR />| fields&nbsp; timestamp ,json[level],json[data][msg],json[context], json[aiClaimId],content,json[hostname]</SPAN></P><P>&nbsp;</P><P><SPAN>I am creating the new log processing rule but I am unable to set the correct processor definition in addition to the Matcher as my query above has several filters. Can someone assist me with corrections? Following documentation here:</SPAN></P><P><SPAN><A href="https://docs.dynatrace.com/docs/analyze-explore-automate/logs/lma-use-cases/lma-e2e-create-anomaly-detection-metric" target="_blank" rel="noopener">Create anomaly detection metric — Dynatrace Docs</A></SPAN></P><P><SPAN>Currently i'm using the last matchesValue:</SPAN></P><P><SPAN>matchesValue(k8s.deployment.name, "claims-ai-svc-claims-ai-helm-*")</SPAN></P></DIV></DIV></DIV></DIV></DIV></DIV></DIV><DIV class="">&nbsp;</DIV> Fri, 10 Jan 2025 22:14:18 GMT https://community.dynatrace.com/t5/Alerting/Convert-Log-query-to-log-metric-event-for-alerting/m-p/267150#M5370 rpeng 2025-01-10T22:14:18Z https://community.dynatrace.com/t5/Alerting/Convert-Log-query-to-log-metric-event-for-alerting/m-p/267152#M5371 <P>Hi&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/59572">@rpeng</a>&nbsp;,<BR />As far as I understood your query, you should use summarize to get the count of errors and then split using dimensions.<BR />Below is a sample:<BR /><BR />fetch logs<BR />| filter loglevel == "ERROR"<BR />| summarize count(), by: {dt.entity.host,log.source}<BR /><BR />Later, while setting the alert definition you can set the 1 minute interval to check the count of errors.<BR /><A href="https://docs.dynatrace.com/docs/shortlink/lma-e2e-create-anomaly-detection-metric#create-alert" target="_blank">https://docs.dynatrace.com/docs/shortlink/lma-e2e-create-anomaly-detection-metric#create-alert</A>&nbsp;<BR /><BR /></P> Sat, 11 Jan 2025 01:09:20 GMT https://community.dynatrace.com/t5/Alerting/Convert-Log-query-to-log-metric-event-for-alerting/m-p/267152#M5371 RohitBisht 2025-01-11T01:09:20Z