Home
User Guides
Start typing to search…
  1. Products
  2. Metrics
  3. Metrics tutorials

Shape metrics

To understand how metrics work in Observe, we can walk through a tutorial sequence of creating, ingesting, shaping, and viewing metrics.

Create metrics

The process data on a Unix system, such as a macOS laptop or Linux EC2 instance, can be used as a metric source. Use the shell script to send data from ps to Observe every five seconds, sent to a Datastream called metrics-test. Before you convert it to JSON, the original ps output looks like this:

PID   RSS     TIME %CPU COMMAND
  1 12752        1  2.0 systemd
  2     0        0  0.0 kthreadd
  3     0        0  0.0 rcu_gp
FieldDescription
PIDProcess ID
RSSResident set size (memory used, kb)
TIMEAccumulated CPU time
%CPUPercent of CPU utilization
COMMANDProcess name

As the data is ingested into a datastream, Observe adds a timestamp, an ingest type, and metadata about the datastream. In this example, the process data is in FIELDS as a JSON object:

Since you perform most of the shaping with OPAL, the walkthrough focuses on verbs and functions rather than UI actions.

The first step to converting the Datastream into metrics is shaping the data using OPAL.

  1. Open a new Worksheet for the existing metrics-test event dataset.

  2. In the OPAL console, extract the necessary fields with flatten_leaves, pick_col, and extract_regex.

    // Flatten_Leaves creates a new row for each set of process data,
// corresponding to one row in the original output
// Creates _c_FIELDS_stdout_value containing each string
// and _c_FIELDS_stdout_path for its position in the JSON object 
flatten_leaves FIELDS.stdout

// Select the field that contains the data you want. Rename the field too.
// pick_col must include a timestamp, even if you aren't explicitly using it
pick_col BUNDLE_TIMESTAMP, ps:string(_c_FIELDS_stdout_value)

// Extract fields from the ps string output with a regex
extract_regex ps, /^s+(?P<pid>d+)s+(?P<rss>d+)s+(?P<cputimes>d+)s+(?P<pcpu>d+.d+)s+(?P<command>S+)s*$/

The reformatted data now looks like the following:

BUNDLE_TIMESTAMPpscommandpcpucputimesrsspid
02/24/21 16:14:03.1511 12752 1 2.0 systemdsystemd2.01127521
02/24/21 16:14:03.1512 0 0 0.0 kthreaddkthreadd0.0002
02/24/21 16:14:03.1513 0 0 0.0 rcu_gprcu_gp0.0003

Note that you could also extract fields with a regex from the UI by selecting Extract from text from the column menu and using the Custom regular expression method. Although the other steps still require writing OPAL statements.

  1. Shape into narrow metrics:

    // Create a new object containing the desired values,
// along with more verbose metric names
make_col metrics:make_object("resident_set_size":rss, "cumulative_cpu_time":cputimes, "cpu_utilization":pcpu)

// Flatten that metrics object to create one row for each value
flatten_leaves metrics

// Select the desired fields, renaming in the process
// Also convert the value to float64, necessary for metric values
pick_col valid_from:BUNDLE_TIMESTAMP,
  pid, command,
  metric:string(_c_metrics_path), value:float64(_c_metrics_value)

    After shaping, it appears like this:

    valid_frompidcommandmetricvalue
    02/24/21 16:14:03.1511systemdcpu_utilization2.0
    02/24/21 16:14:03.1511systemdresident_set_size12752
    02/24/21 16:14:03.1511systemdcumulative_cpu_time1
    02/24/21 16:14:03.1512kthreaddcpu_utilization0.0
    02/24/21 16:14:03.1512kthreaddresident_set_size0
    02/24/21 16:14:03.1512kthreaddcumulative_cpu_time0
    02/24/21 16:14:03.1513rcu_gpcpu_utilization0.0
    02/24/21 16:14:03.1513rcu_gpresident_set_size0
    02/24/21 16:14:03.1513rcu_gpcumulative_cpu_time0

  2. Register an interface to identify this dataset as containing metrics data:

    // Metric names are in field "metric", values in "value"
interface "metric"

    An interface "metric" statement tells Observe several important things about a Dataset:

    • This is a narrow metric Dataset, each row representing one metric point.
    • The values in field metric contains the metric names, such as cpu_utilization.
    • The values in field value contains the metric values, such as 2.0.
    • The values in valid_from contains the time of the observation
    • The other fields (pid and command) contain tags that provide additional context

  3. Save the shaped data as a new Dataset.

    After shaping the data, save the results by publishing a new event stream. This creates a new Dataset containing the metric events and allows them to be used by other Datasets and Worksheets.

    In the right menu, click Publish New Event Stream and give the new Dataset a name. For this example, you name it process/linux-process-metrics to create the dataset in a new process package. Click Publish to save.

  1. View the metrics in Observe.

    Now that you identified that the dataset contains metrics, Observe discovers the individual metrics without further shaping. This process takes a few minutes, after which you can find the new metrics in the Metrics tab of the Explore page.

  2. Search for the package process to view only the metrics for this package. Click on a metric to view the details:

Advanced metric shaping

If auto-detected metrics incorrectly handle your data, you may also explicitly define the metrics of interest with the set_metric verb.

For example:

set_metric options(type:"cumulativeCounter", unit:"bytes", description:"Ingress reported from somewhere"), "ingress_bytes"

This statement registers the metric ingress_bytes as a cumulativeCounter, aggregating over time as a rate and across multiple tags as a sum. To learn more about allowed values for the rollup and aggregate options, see the OPAL verb documentation for set_metric. See Units of measurement for unit sizes and descriptions.

Observe is also able to pre-aggregate derived metrics; see Shape aggregated metrics for this tutorial.


Updated 25 days ago