29 Aug 2024 09:20 PM - last edited on 30 Aug 2024 08:36 AM by MaciejNeumann
Hello Folks,
I have one DQL query which fetches logs and searches for one error statement.
The result returns a few columns containing the error pattern (which I have added in the DQL as a filter) and also a few other columns/fields like used ID, Trace ID, request ID.
I wanted to check through these logs every five minutes and get alerted if the log entries have that error pattern, and the most important thing is that the problem should carry all the information, i.e. used ID, Trace ID, request ID.
I tried configuring Davis anomaly detection (converting it into a timeseries), but we can only pass the available placeholders like alert condition, baseline, severity, threshold.
Is that something achievable? Can someone please guide me?
Regards,
AK
30 Dec 2024 07:56 PM
You can achieve this by adding custom attributes. This will allow you to extract segments of the log file and list them, much like a request attribute. Once you build that, you can then define the alert criteria and include the new custom attribute as a placeholder in the alert payload.
31 Dec 2024 12:18 AM
Hi @AK ,
Another way to do this, other than what Chad has mentioned, is using a DQL like this.
Filter by the error and split by the column you want in a timeseries. Once you get the required results you can use the anomaly detector app to configure alerts.
fetch logs
| filter trace_id != "NULL"
| makeTimeseries count(), by: {trace_id,aws.account.id}