Windows File Monitoring
You can configure MetricsHub to monitor files on Windows systems.
In the example below, we configured MetricsHub to:
- monitor all files matching the path pattern C:\\Program Files\\MyApp\\logs\\*.log
- search for the patterns "Error", "Exception", "Failure"
- count how many times these patterns occur
- expose the result through the system.file.match.count metric.
This use case allows you to track:
- the number of errors in log files
- the number of exceptions
- the number of specific events or keywords.
Procedure
To achieve this use case:
- Declare the resource to be monitored (prod-win-web) and its attributes (host.name, host.type):

      resources:
        prod-win-web:
          attributes:
            host.name: prod-win-web
            host.type: windows

- Configure the WMI protocol with credentials and timeout:

      protocols:
        wmi:
          username: USERNAME
          password: PASSWORD
          timeout: 240

  Important: Monitoring large files may take time. Specify a sufficient timeout (for example, 240 seconds) to prevent connection timeouts.

- Configure the monitor job to target the desired files:

      monitors:
        file:
          simple:

- Configure the File source:

      sources:
        # FileSource: one row per file [path, content]; line is "path;content;" (path can contain spaces).
        # Do not use $1 for path: default FS is space so $1 would be "C:\Program" only. Split on first ";" instead.
        fileSource:
          type: file
          paths: C:\\Program Files\\MyApp\\logs\\*.log # Glob pattern matching the file paths to monitor
          mode: log # File fetching mode. Use log for log file monitoring
          maxSizePerPoll: 1MB # Maximum size (in MB) to read per polling cycle.

- Create an awk script to count how many times specific patterns appear in each file:

      computes:
        - type: awk # The awk script processes each file and counts how many times the content pattern is found
          script: | # pattern can be a single string ("Error") or a regular expression ("Error|Exception|Failure").
            BEGIN { pattern = "Error|Exception|Failure" }
            index($0, ";") > 0 {
              path = substr($0, 1, index($0, ";") - 1)
              content = substr($0, index($0, ";") + 1)
              if (substr(content, length(content), 1) == ";") content = substr(content, 1, length(content) - 1)
              if (pattern == "" || content == "") count = 0; else count = gsub(pattern, "&", content)
              print path ";" count # Use an empty string "" to skip matching and return 0.
            }

- Define the identification attributes:

      mapping:
        # Mapping is executed on the result produced by the source (after computes are applied).
        source: ${source::fileSource}
        attributes:
          id: $1
          system.file.path: $1
          system.file.keyword: Error|Exception|Failure

- Expose the number of matches using the system.file.match.count metric:

      metrics:
        # Emit a datapoint per file: number of pattern matches found in each file.
        system.file.match.count: $2

Here is the complete YAML configuration:

    resources:
      prod-win-web:
        attributes:
          host.name: prod-win-web
          host.type: windows
        protocols:
          wmi:
            username: USERNAME
            password: PASSWORD
            timeout: 240
        monitors:
          file:
            keys:
              - id
              - system.file.keyword
            simple:
              sources:
                # FileSource: one row per file [path, content]; line is "path;content;" (path can contain spaces).
                # Do not use $1 for path: default FS is space so $1 would be "C:\Program" only. Split on first ";" instead.
                fileSource:
                  type: file
                  paths: C:\\Program Files\\MyApp\\logs\\*.log
                  mode: log
                  maxSizePerPoll: 1MB
                  computes:
                    - type: awk
                      script: |
                        BEGIN { pattern = "Error|Exception|Failure" }
                        index($0, ";") > 0 {
                          path = substr($0, 1, index($0, ";") - 1)
                          content = substr($0, index($0, ";") + 1)
                          if (substr(content, length(content), 1) == ";") content = substr(content, 1, length(content) - 1)
                          if (pattern == "" || content == "") count = 0; else count = gsub(pattern, "&", content)
                          print path ";" count
                        } # Use an empty string "" to skip matching and return 0.
              mapping:
                # Mapping is executed on the result produced by the source (after computes are applied).
                source: ${source::fileSource}
                attributes:
                  id: $1
                  system.file.path: $1
                  system.file.keyword: Error|Exception|Failure
                metrics:
                  # Emit a datapoint per file: number of pattern matches found in each file.
                  system.file.match.count: $2
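
The awk compute used in this configuration can be checked on its own before it is deployed. The following is an added example, not part of the MetricsHub documentation: it pipes constructed rows through the same script. The function names count_matches and sample_rows, the sample rows, and the assumption that each row reaches awk as a single line of the form path;content; are ours.

```shell
#!/bin/sh
# Added example: runs the page's awk script against constructed rows.
# Assumption: each row reaches awk as one line in the form "path;content;".

count_matches() {
    # Reads "path;content;" rows on stdin, prints "path;count" per row.
    awk '
    BEGIN { pattern = "Error|Exception|Failure" }
    index($0, ";") > 0 {
        # Split on the first ";" so paths containing spaces stay intact.
        path = substr($0, 1, index($0, ";") - 1)
        content = substr($0, index($0, ";") + 1)
        # Drop the trailing ";" that terminates the row.
        if (substr(content, length(content), 1) == ";") content = substr(content, 1, length(content) - 1)
        # gsub returns the number of replacements, i.e. the number of matches.
        if (pattern == "" || content == "") count = 0; else count = gsub(pattern, "&", content)
        print path ";" count
    }'
}

# Constructed sample rows (not real log data).
sample_rows() {
    cat <<'EOF'
C:\Program Files\MyApp\logs\app.log;INFO start Error: disk full Exception in worker Failure to bind;
C:\Program Files\MyApp\logs\quiet.log;INFO start INFO stop;
C:\Program Files\MyApp\logs\case.log;error ERROR Error;
C:\Program Files\MyApp\logs\semi.log;Error; retrying; Error again;
C:\Program Files\MyApp\logs\empty.log;;
row without a separator is skipped
EOF
}

sample_rows | count_matches
```

Matching is case-sensitive and counts occurrences rather than lines, so case.log yields 1 and app.log yields 3; a row with no ";" produces no output at all.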