{ "name": "MongoDB Version 3.0", "description": "For Logentries account subscribers, tested on MongoDB Version 3.0.1", "searches": [ { "name": "CommandType", "description": "Command vs Query", "query": "where(/\\[\\w+\\] (?P\\w+)/i databaseCommand=query OR databaseCommand=command) groupby(databaseCommand) calculate(COUNT)" }, { "name": "DatabaseCommand", "description": "Command or Query Executed", "query": "where(/command: (?P\\w+)/i AND command!=isMaster AND command!=whatsmyuri) groupby(command) calculate(COUNT)" }, { "name": "ResLen", "description": "Query Result Length in Bytes", "query": "where(reslen) calculate(AVERAGE:reslen)" }, { "name": "Component", "description": "Distribution of MongoDB Components", "query": "where(/(?P[A-Z]{3,8})/) groupby(component) calculate(COUNT)" }, { "name": "Severity", "description": "Distribution of Severity Levels", "query": "where(/(?P F | E | W | I | D )/) groupby(sl) calculate(COUNT)" }, { "name": "Access", "description": "Access Operations", "query": "where(/(?P[A-Z]{3,8})/ component=ACCESS) calculate(COUNT)" }, { "name": "Command", "description": "Command Operations", "query": "where(/(?P[A-Z]{3,8})/ component=COMMAND) calculate(COUNT)" }, { "name": "Control", "description": "Control Operations", "query": "where(/(?P[A-Z]{3,8})/ component=CONTROL) calculate(COUNT)" }, { "name": "Geo", "description": "Geo Operations", "query": "where(/(?P[A-Z]{3,8})/ component=GEO) calculate(COUNT)" }, { "name": "Index", "description": "Index Operations", "query": "where(/(?P[A-Z]{3,8})/ component=INDEX) calculate(COUNT)" }, { "name": "Network", "description": "Network Operations", "query": "where(/(?P[A-Z]{3,8})/ component=NETWORK) calculate(COUNT)" }, { "name": "Query", "description": "Query Operations", "query": "where(/(?P[A-Z]{3,8})/ component=QUERY) calculate(COUNT)" }, { "name": "Repl", "description": "Replica Set Operations", "query": "where(/(?P[A-Z]{3,8})/ component=REPL) calculate(COUNT)" }, { "name": "Sharding", "description": "Sharding Operations", "query": "where(/(?P[A-Z]{3,8})/ component=SHARDING) calculate(COUNT)" }, { "name": "Storage", "description": "Storage Operations", "query": "where(/(?P[A-Z]{3,8})/ component=STORAGE) calculate(COUNT)" }, { "name": "Journal", "description": "Journal Operations", "query": "where(/(?P[A-Z]{3,8})/ component=JOURNAL) calculate(COUNT)" }, { "name": "Write", "description": "Write Operations", "query": "where(/(?P[A-Z]{3,8})/ component=WRITE) calculate(COUNT)" } ], "tags": [ { "type": "Alert", "name": "Server Restarted", "description": "Triggers when MongoDB server restarts", "labels": [ { "name": "Server Restarted", "color": "53ACFF" } ], "patterns": [ "SERVER RESTARTED" ], "actions": [{ "type": "Alert", "min_matches_count": 1, "min_matches_period": "Day", "min_report_count": 1, "min_report_period": "Day" }] }, { "type": "Alert", "name": "Connection Accepted", "description": "Connection Accepted", "labels": [ { "name": "Connection Accepted", "color": "50FF20" } ], "patterns": [ "connection accepted" ], "actions": [{ "type": "Alert", "min_matches_count": 1, "min_matches_period": "Day", "min_report_count": 1, "min_report_period": "Day" }] }, { "type": "Alert", "name": "DR102", "description": "Too much data written uncommitted", "labels": [ { "name": "Journal flush exceeded 256MB", "color": "FFA582" } ], "patterns": [ "DR102" ], "actions": [{ "type": "Alert", "min_matches_count": 1, "min_matches_period": "Day", "min_report_count": 1, "min_report_period": "Day" }] }, { "type": "Alert", "name": "Server Slow", "description": "Server Status was very slow", "labels": [ { "name": "Server Slow", "color": "FF521C" } ], "patterns": [ "serverStatus was very slow" ], "actions": [{ "type": "Alert", "min_matches_count": 1, "min_matches_period": "Day", "min_report_count": 1, "min_report_period": "Day" }] }, { "type": "Alert", "name": "Write Operation Tag", "description": "Tags for insert, update and delete operations", "labels": [ { "name": "Write Operation", "color": "DE00FF" } ], "patterns": [ "command: insert", "command: update", "command: delete" ], "actions": [{ "type": "Alert", "min_matches_count": 1, "min_matches_period": "Day", "min_report_count": 1, "min_report_period": "Day" }] }, { "type": "Alert", "name": "Aggregation Command Tag", "description": "Tags for aggregate, count, distinct, group and mapReduce", "labels": [ { "name": "Aggregation Command", "color": "4100FF" } ], "patterns": [ "command: aggregate", "command: count", "command: distinct", "command: group", "command: mapReduce" ], "actions": [{ "type": "Alert", "min_matches_count": 1, "min_matches_period": "Day", "min_report_count": 1, "min_report_period": "Day" }] }, { "type": "Alert", "name": "Geospatial Command", "description": "Tags for geoNear, geoSearch and geoWalk", "labels": [ { "name": "Geospatial Command", "color": "FF6D00" } ], "patterns": [ "command: geoNear", "command: geoSearch", "command: geoWalk" ], "actions": [{ "type": "Alert", "min_matches_count": 1, "min_matches_period": "Day", "min_report_count": 1, "min_report_period": "Day" }] }, { "type": "Alert", "name": "Query Operation", "description": "Tag for findAndModify", "labels": [ { "name": "Find Query", "color": "9A8DFF" } ], "patterns": [ "command: findAndModify" ], "actions": [{ "type": "Alert", "min_matches_count": 1, "min_matches_period": "Day", "min_report_count": 1, "min_report_period": "Day" }] }, { "type": "Alert", "name": "Authentication Command", "description": "Tags for logout and authenticate", "labels": [ { "name": "Authentication Command", "color": "0005FC" } ], "patterns": [ "command: logout", "command: authenticate" ], "actions": [{ "type": "Alert", "min_matches_count": 1, "min_matches_period": "Day", "min_report_count": 1, "min_report_period": "Day" }] }, { "type": "Alert", "name": "User Management Command", "description": "Tags for createUser, updateUser, dropUser, dropAllUsersFromDatabase, grantRolesToUser and revokeRolesFromUser", "labels": [ { "name": "User Management Command", "color": "00FC8F" } ], "patterns": [ "command: createUser", "command: updateUser", "command: dropUser", "command: dropAllUsersFromDatabase", "command: grantRolesToUser", "command: revokeRolesFromUser" ], "actions": [{ "type": "Alert", "min_matches_count": 1, "min_matches_period": "Day", "min_report_count": 1, "min_report_period": "Day" }] }, { "type": "Alert", "name": "Role Management Command", "description": "Tags for createRole, updateRole and dropRole", "labels": [ { "name": "Role Management Command", "color": "FC6C74" } ], "patterns": [ "command: createRole", "command: updateRole", "command: dropRole" ], "actions": [{ "type": "Alert", "min_matches_count": 1, "min_matches_period": "Day", "min_report_count": 1, "min_report_period": "Day" }] } ], "widgets": [ { "name": "Command vs Query", "description": "Command and Query Separation", "search_name": "CommandType", "type": "PieChart" }, { "name": "Database Commands Executed", "description": "Database Command Executed", "search_name": "DatabaseCommand", "type": "BarChart" }, { "name": "Average Query Result Length in Bytes", "description": "Average Query Result Length in Bytes", "search_name": "ResLen", "type": "TimelineLineChart", "show_tooltip": true }, { "name": "Component", "description": "Components for functional categorization of the messages", "search_name": "Component", "type": "BarChart" }, { "name": "Severity Levels", "description": "Severity Levels", "search_name": "Severity", "type": "PieChart" }, { "name": "Write Operations Over Time", "description": "Write Operations Over Time", "search_name": "Write", "type": "TimelineLineChart", "show_tooltip": true }, { "name": "Messages by category", "description": "Messages by category", "searches_names": ["Command","Network", "Query", "Storage", "Write" ], "show_tooltip": true, "type": "Multiline" } ], "cards": [ { "name": "Command vs Query", "description": "Command and Query Separation", "queries": [{ "leql" : { "statement":"where(/\\[\\w+\\] (?P\\w+)/i databaseCommand=query OR databaseCommand=command) groupby(databaseCommand) calculate(COUNT)"}}], "visualization": "PIE" }, { "name": "Database Commands Executed", "description": "Database Command Executed", "queries": [{ "leql" : { "statement":"where(/command: (?P\\w+)/i AND command!=isMaster AND command!=whatsmyuri) groupby(command) calculate(COUNT)"}}], "visualization": "BAR" }, { "name": "Average Query Result Length in Bytes", "description": "Average Query Result Length in Bytes", "queries": [{ "leql" : { "statement":"where(reslen) calculate(AVERAGE:reslen)"}}], "visualization": "LINE" }, { "name": "Component", "description": "Components for functional categorization of the messages", "queries": [{ "leql" : { "statement":"where(/(?P[A-Z]{3,8})/) groupby(component) calculate(COUNT)"}}], "visualization": "BAR" }, { "name": "Severity Levels", "description": "Severity Levels", "queries": [{ "leql" : { "statement":"where(/(?P F | E | W | I | D )/) groupby(sl) calculate(COUNT)"}}], "visualization": "PIE" }, { "name": "Write Operations Over Time", "description": "Write Operations Over Time", "queries": [{ "leql" : { "statement":"where(/(?P[A-Z]{3,8})/ component=WRITE) calculate(COUNT)"}}], "visualization": "LINE" }, { "name": "Messages by category", "description": "Messages by category", "queries": [ { "leql" : { "statement":"where(/(?P[A-Z]{3,8})/ component=COMMAND) calculate(COUNT)"}}, { "leql" : { "statement":"where(/(?P[A-Z]{3,8})/ component=NETWORK) calculate(COUNT)"}}, { "leql" : { "statement": "where(/(?P[A-Z]{3,8})/ component=QUERY) calculate(COUNT)"}}, { "leql" : { "statement": "where(/(?P[A-Z]{3,8})/ component=STORAGE) calculate(COUNT)"}}, { "leql" : { "statement": "where(/(?P[A-Z]{3,8})/ component=WRITE) calculate(COUNT)" }} ], "visualization": "MULTILINE" } ] }