From 849988bc97088d3bc22427a559e54323c7e95189 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma
Date: Mon, 19 Dec 2022 13:09:01 +0530
Subject: [PATCH 1/2] Updating missing data monitor conditions
---
 main.tf | 4 +-
 monitor_packages/ActiveMQ/versions.tf | 2 +-
 monitor_packages/ApacheTomcat/versions.tf | 2 +-
 monitor_packages/Cassandra/versions.tf | 2 +-
 monitor_packages/Couchbase/versions.tf | 2 +-
 monitor_packages/Elasticsearch/versions.tf | 2 +-
 monitor_packages/IIS/versions.tf | 2 +-
 monitor_packages/Kafka/versions.tf | 2 +-
 monitor_packages/MariaDB/versions.tf | 2 +-
 monitor_packages/Memcached/versions.tf | 2 +-
 monitor_packages/MongoDB/MongoDB.tf | 988 +++++++++---------
 monitor_packages/MongoDB/versions.tf | 2 +-
 monitor_packages/Oracle/versions.tf | 2 +-
 monitor_packages/RabbitMQ/versions.tf | 2 +-
 monitor_packages/SQLServer/versions.tf | 2 +-
 monitor_packages/SquidProxy/versions.tf | 2 +-
 monitor_packages/Varnish/versions.tf | 2 +-
 monitor_packages/apache/versions.tf | 2 +-
 monitor_packages/haproxy/versions.tf | 2 +-
 .../host_process_metrics/versions.tf | 2 +-
 monitor_packages/http_response/versions.tf | 2 +-
 monitor_packages/kubernetes/versions.tf | 2 +-
 monitor_packages/mysql/versions.tf | 2 +-
 monitor_packages/nginx-ingress/versions.tf | 2 +-
 .../nginx-plus-ingress/versions.tf | 2 +-
 monitor_packages/nginx-plus/versions.tf | 2 +-
 monitor_packages/nginx/versions.tf | 2 +-
 monitor_packages/postgresql/versions.tf | 2 +-
 monitor_packages/redis/versions.tf | 2 +-
 29 files changed, 523 insertions(+), 523 deletions(-)
diff --git a/main.tf b/main.tf
index 375b3d5..4d31583 100644
--- a/main.tf
+++ b/main.tf
@@ -55,7 +55,7 @@ resource "sumologic_monitor" "tf_monitor" { trigger_conditions { dynamic "logs_static_condition" { - for_each = toset(var.monitor_monitor_type == "Logs" ? ["1"] : []) + for_each = toset(var.monitor_monitor_type == "Logs" && (local.hasLogsCriticalAlert||local.hasLogsWarningAlert) ? ["1"] : []) content { dynamic "critical" { for_each = local.hasLogsCriticalAlert ? ["1"] : [] @@ -94,7 +94,7 @@ resource "sumologic_monitor" "tf_monitor" { } } dynamic "metrics_static_condition" { - for_each = toset(var.monitor_monitor_type == "Metrics" ? ["1"] : []) + for_each = toset(var.monitor_monitor_type == "Metrics"&&(local.hasMetricsCriticalAlert||local.hasMetricsWarningAlert) ? ["1"] : []) content { dynamic "critical" { for_each = local.hasMetricsCriticalAlert ? ["1"] : [] diff --git a/monitor_packages/ActiveMQ/versions.tf b/monitor_packages/ActiveMQ/versions.tf index 438d169..8dc4f77 100644 --- a/monitor_packages/ActiveMQ/versions.tf +++ b/monitor_packages/ActiveMQ/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/ApacheTomcat/versions.tf b/monitor_packages/ApacheTomcat/versions.tf index 438d169..8dc4f77 100644 --- a/monitor_packages/ApacheTomcat/versions.tf +++ b/monitor_packages/ApacheTomcat/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/Cassandra/versions.tf b/monitor_packages/Cassandra/versions.tf index 438d169..8dc4f77 100644 --- a/monitor_packages/Cassandra/versions.tf +++ b/monitor_packages/Cassandra/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/Couchbase/versions.tf b/monitor_packages/Couchbase/versions.tf index 438d169..8dc4f77 100644 
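Review bot: With the added guard on `logs_static_condition` (and the parallel one on `metrics_static_condition` in the next hunk), a monitor whose triggers include neither a Critical nor a Warning entry now gets no static condition block at all, and nothing visible in these hunks shows what populates `trigger_conditions` in that case. If a missing-data block such as `logs_missing_data_condition` is not generated elsewhere in `main.tf`, such a monitor is either rejected at apply time or created without any alerting condition, so it is worth confirming that path and adding a one-line comment like `# static block is omitted for missing-data-only monitors` above each `for_each`. The Metrics expression is also written without spaces around its operators; `var.monitor_monitor_type == "Metrics" && (local.hasMetricsCriticalAlert || local.hasMetricsWarningAlert)` is easier to read. The `trigger_conditions` block starts and ends outside both hunks.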
--- a/monitor_packages/Couchbase/versions.tf +++ b/monitor_packages/Couchbase/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/Elasticsearch/versions.tf b/monitor_packages/Elasticsearch/versions.tf index 438d169..8dc4f77 100644 --- a/monitor_packages/Elasticsearch/versions.tf +++ b/monitor_packages/Elasticsearch/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/IIS/versions.tf b/monitor_packages/IIS/versions.tf index 438d169..8dc4f77 100644 --- a/monitor_packages/IIS/versions.tf +++ b/monitor_packages/IIS/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/Kafka/versions.tf b/monitor_packages/Kafka/versions.tf index de2227b..35d5918 100644 --- a/monitor_packages/Kafka/versions.tf +++ b/monitor_packages/Kafka/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/MariaDB/versions.tf b/monitor_packages/MariaDB/versions.tf index 438d169..8dc4f77 100644 --- a/monitor_packages/MariaDB/versions.tf +++ b/monitor_packages/MariaDB/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/Memcached/versions.tf b/monitor_packages/Memcached/versions.tf index 438d169..8dc4f77 100644 --- a/monitor_packages/Memcached/versions.tf +++ b/monitor_packages/Memcached/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } 
diff --git a/monitor_packages/MongoDB/MongoDB.tf b/monitor_packages/MongoDB/MongoDB.tf
index 9c98592..b93b2a0 100644
--- a/monitor_packages/MongoDB/MongoDB.tf
+++ b/monitor_packages/MongoDB/MongoDB.tf
@@ -1,128 +1,128 @@
-module "MongoDB-TooManyCursorsTimeouts" {
- source = "SumoLogic/sumo-logic-monitor/sumologic"
- #version = "{revision}"
- monitor_name = "MongoDB - Too Many Cursors Timeouts"
- monitor_description = "This alert fires when we detect that there are too many cursors (100) timing out on a MongoDB server within a 5 minute time interval."
- monitor_monitor_type = "Metrics"
- monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
- monitor_is_disabled = var.monitors_disabled
- group_notifications = var.group_notifications
- connection_notifications = var.connection_notifications_warning
- email_notifications = var.email_notifications_warning
- queries = {
- A = "${var.mongodb_data_source} metric=mongodb_cursor_timed_out db_system=mongodb db_cluster=* | sum by db_cluster, host | rate increasing"
- }
- triggers = [
- {
- threshold_type = "GreaterThanOrEqual",
- threshold = 100,
- time_range = "5m",
- occurrence_type = "Always"
- trigger_source = "AnyTimeSeries"
- trigger_type = "Warning",
- detection_method = "StaticCondition"
- },
- {
- threshold_type = "LessThan",
- threshold = 100,
- time_range = "5m",
- occurrence_type = "Always"
- trigger_source = "AnyTimeSeries"
- trigger_type = "ResolvedWarning",
- detection_method = "StaticCondition"
- }
- ]
-}
-module "MongoDB-TooManyCursorsOpen" {
- source = "SumoLogic/sumo-logic-monitor/sumologic"
- #version = "{revision}"
- monitor_name = "MongoDB - Too Many Cursors Open"
- monitor_description = "This alert fires when we detect that there are too many cursors (>10K) opened by MongoDB."
- monitor_monitor_type = "Metrics"
- monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
- monitor_is_disabled = var.monitors_disabled
- group_notifications = var.group_notifications
- connection_notifications = concat(var.connection_notifications_warning, var.connection_notifications_missingdata)
- email_notifications = concat(var.email_notifications_warning, var.email_notifications_missingdata)
- queries = {
- A = "${var.mongodb_data_source} metric=mongodb_cursor_total_count db_system=mongodb db_cluster=* | sum by host, db_cluster"
- }
- triggers = [
- {
- threshold_type = "GreaterThanOrEqual",
- threshold = 10000,
- time_range = "5m",
- occurrence_type = "Always"
- trigger_source = "AnyTimeSeries"
- trigger_type = "Warning",
- detection_method = "StaticCondition"
- },
- {
- threshold_type = "LessThan",
- threshold = 10000,
- time_range = "5m",
- occurrence_type = "Always"
- trigger_source = "AnyTimeSeries"
- trigger_type = "ResolvedWarning",
- detection_method = "StaticCondition"
- },
- {
- threshold_type = "LessThanOrEqual",
- threshold = 0,
- time_range = "5m",
- occurrence_type = "MissingData"
- trigger_source = "AnyTimeSeries"
- trigger_type = "MissingData",
- detection_method = "StaticCondition"
- },
- {
- threshold_type = "GreaterThan",
- threshold = 0,
- time_range = "5m",
- occurrence_type = "MissingData"
- trigger_source = "AnyTimeSeries"
- trigger_type = "ResolvedMissingData",
- detection_method = "StaticCondition"
- }
- ]
-}
-module "MongoDB-MissingPrimary" {
- source = "SumoLogic/sumo-logic-monitor/sumologic"
- #version = "{revision}"
- monitor_name = "MongoDB - Missing Primary"
- monitor_description = "This alert fires when we detect that a MongoDB cluster has no node marked as primary."
- monitor_monitor_type = "Metrics"
- monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
- monitor_is_disabled = var.monitors_disabled
- group_notifications = var.group_notifications
- connection_notifications = var.connection_notifications_critical
- email_notifications = var.email_notifications_critical
- queries = {
- A = "${var.mongodb_data_source} db_system=mongodb db_cluster=* metric=mongodb_repl_queries node_type=pri | count by db_cluster"
- }
- triggers = [
- {
- threshold_type = "LessThanOrEqual",
- threshold = 0,
- time_range = "5m",
- occurrence_type = "Always"
- trigger_source = "AnyTimeSeries"
- trigger_type = "Critical",
- detection_method = "StaticCondition"
- },
- {
- threshold_type = "GreaterThan",
- threshold = 0,
- time_range = "5m",
- occurrence_type = "Always"
- trigger_source = "AnyTimeSeries"
- trigger_type = "ResolvedCritical",
- detection_method = "StaticCondition"
- }
- ]
-}
+# module "MongoDB-TooManyCursorsTimeouts" {
+# source = "SumoLogic/sumo-logic-monitor/sumologic"
+# #version = "{revision}"
+# monitor_name = "MongoDB - Too Many Cursors Timeouts"
+# monitor_description = "This alert fires when we detect that there are too many cursors (100) timing out on a MongoDB server within a 5 minute time interval."
+# monitor_monitor_type = "Metrics"
+# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
+# monitor_is_disabled = var.monitors_disabled
+# group_notifications = var.group_notifications
+# connection_notifications = var.connection_notifications_warning
+# email_notifications = var.email_notifications_warning
+# queries = {
+# A = "${var.mongodb_data_source} metric=mongodb_cursor_timed_out db_system=mongodb db_cluster=* | sum by db_cluster, host | rate increasing"
+# }
+# triggers = [
+# {
+# threshold_type = "GreaterThanOrEqual",
+# threshold = 100,
+# time_range = "5m",
+# occurrence_type = "Always"
+# trigger_source = "AnyTimeSeries"
+# trigger_type = "Warning",
+# detection_method = "StaticCondition"
+# },
+# {
+# threshold_type = "LessThan",
+# threshold = 100,
+# time_range = "5m",
+# occurrence_type = "Always"
+# trigger_source = "AnyTimeSeries"
+# trigger_type = "ResolvedWarning",
+# detection_method = "StaticCondition"
+# }
+# ]
+# }
+# module "MongoDB-TooManyCursorsOpen" {
+# source = "SumoLogic/sumo-logic-monitor/sumologic"
+# #version = "{revision}"
+# monitor_name = "MongoDB - Too Many Cursors Open"
+# monitor_description = "This alert fires when we detect that there are too many cursors (>10K) opened by MongoDB."
+# monitor_monitor_type = "Metrics"
+# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
+# monitor_is_disabled = var.monitors_disabled
+# group_notifications = var.group_notifications
+# connection_notifications = concat(var.connection_notifications_warning, var.connection_notifications_missingdata)
+# email_notifications = concat(var.email_notifications_warning, var.email_notifications_missingdata)
+# queries = {
+# A = "${var.mongodb_data_source} metric=mongodb_cursor_total_count db_system=mongodb db_cluster=* | sum by host, db_cluster"
+# }
+# triggers = [
+# {
+# threshold_type = "GreaterThanOrEqual",
+# threshold = 10000,
+# time_range = "5m",
+# occurrence_type = "Always"
+# trigger_source = "AnyTimeSeries"
+# trigger_type = "Warning",
+# detection_method = "StaticCondition"
+# },
+# {
+# threshold_type = "LessThan",
+# threshold = 10000,
+# time_range = "5m",
+# occurrence_type = "Always"
+# trigger_source = "AnyTimeSeries"
+# trigger_type = "ResolvedWarning",
+# detection_method = "StaticCondition"
+# },
+# {
+# threshold_type = "LessThanOrEqual",
+# threshold = 0,
+# time_range = "5m",
+# occurrence_type = "MissingData"
+# trigger_source = "AnyTimeSeries"
+# trigger_type = "MissingData",
+# detection_method = "StaticCondition"
+# },
+# {
+# threshold_type = "GreaterThan",
+# threshold = 0,
+# time_range = "5m",
+# occurrence_type = "MissingData"
+# trigger_source = "AnyTimeSeries"
+# trigger_type = "ResolvedMissingData",
+# detection_method = "StaticCondition"
+# }
+# ]
+# }
+# module "MongoDB-MissingPrimary" {
+# source = "SumoLogic/sumo-logic-monitor/sumologic"
+# #version = "{revision}"
+# monitor_name = "MongoDB - Missing Primary"
+# monitor_description = "This alert fires when we detect that a MongoDB cluster has no node marked as primary."
+# monitor_monitor_type = "Metrics"
+# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
+# monitor_is_disabled = var.monitors_disabled
+# group_notifications = var.group_notifications
+# connection_notifications = var.connection_notifications_critical
+# email_notifications = var.email_notifications_critical
+# queries = {
+# A = "${var.mongodb_data_source} db_system=mongodb db_cluster=* metric=mongodb_repl_queries node_type=pri | count by db_cluster"
+# }
+# triggers = [
+# {
+# threshold_type = "LessThanOrEqual",
+# threshold = 0,
+# time_range = "5m",
+# occurrence_type = "Always"
+# trigger_source = "AnyTimeSeries"
+# trigger_type = "Critical",
+# detection_method = "StaticCondition"
+# },
+# {
+# threshold_type = "GreaterThan",
+# threshold = 0,
+# time_range = "5m",
+# occurrence_type = "Always"
+# trigger_source = "AnyTimeSeries"
+# trigger_type = "ResolvedCritical",
+# detection_method = "StaticCondition"
+# }
+# ]
+# }
 module "MongoDB-InstanceDown" {
- source = "SumoLogic/sumo-logic-monitor/sumologic"
+ source = "../../"
 #version = "{revision}"
 monitor_name = "MongoDB - Instance Down"
 monitor_description = "This alert fires when we detect that the MongoDB instance is down."
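Review bot: `MongoDB-TooManyCursorsTimeouts`, `MongoDB-TooManyCursorsOpen` and `MongoDB-MissingPrimary` are commented out in full here, and the next hunk does the same to the monitors after `MongoDB-InstanceDown`; the commit subject only mentions missing-data conditions, so this reads like local test scaffolding rather than an intended change. Anyone applying this package at this commit would lose those alerts, including the Critical one for a cluster with no primary. The `source = "../../"` line on `MongoDB-InstanceDown` has the same character: it points the package at the working tree instead of the published module, so I would keep `source = "SumoLogic/sumo-logic-monitor/sumologic"` and restore the three module blocks before merge, or state in the description why they are dropped. The `MongoDB-InstanceDown` block continues past the end of the hunk.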
@@ -156,373 +156,373 @@ module "MongoDB-InstanceDown" { } ] } -module "MongoDB-ReplicationLag" { - source = "SumoLogic/sumo-logic-monitor/sumologic" - #version = "{revision}" - monitor_name = "MongoDB - Replication Lag" - monitor_description = "This alert fires when we detect that the replica lag for a given MongoDB cluster is greater than 60 seconds. Please review the replication configuration." - monitor_monitor_type = "Metrics" - monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id - monitor_is_disabled = var.monitors_disabled - group_notifications = var.group_notifications - connection_notifications = var.connection_notifications_warning - email_notifications = var.email_notifications_warning - queries = { - A = "${var.mongodb_data_source} db_system=mongodb db_cluster=* metric=mongodb_repl_lag " - } - triggers = [ - { - threshold_type = "GreaterThan", - threshold = 60, - time_range = "5m", - occurrence_type = "Always" - trigger_source = "AnyTimeSeries" - trigger_type = "Warning", - detection_method = "StaticCondition" - }, - { - threshold_type = "LessThanOrEqual", - threshold = 60, - time_range = "5m", - occurrence_type = "Always" - trigger_source = "AnyTimeSeries" - trigger_type = "ResolvedWarning", - detection_method = "StaticCondition" - } - ] -} -module "MongoDB-ReplicationHeartbeatError" { - source = "SumoLogic/sumo-logic-monitor/sumologic" - #version = "{revision}" - monitor_name = "MongoDB - Replication Heartbeat Error" - monitor_description = "This alert fires when we detect that the MongoDB Replication Heartbeat request has errors, which indicates replication is not working as expected." 
- monitor_monitor_type = "Logs" - monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id - monitor_is_disabled = var.monitors_disabled - group_notifications = var.group_notifications - connection_notifications = var.connection_notifications_warning - email_notifications = var.email_notifications_warning - queries = { - A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*REPL*\" | json field=_raw \"attr.heartbeatMessage\" as heartbeatMessage | where heartbeatMessage matches \"Error*\"" - } - triggers = [ - { - threshold_type = "GreaterThan", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "Warning", - detection_method = "StaticCondition" - }, - { - threshold_type = "LessThanOrEqual", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "ResolvedWarning", - detection_method = "StaticCondition" - } - ] -} -module "MongoDB-TooManyConnections" { - source = "SumoLogic/sumo-logic-monitor/sumologic" - #version = "{revision}" - monitor_name = "MongoDB - Too Many Connections" - monitor_description = "This alert fires when we detect a given MongoDB server has too many connections (over 80% of capacity)." 
- monitor_monitor_type = "Metrics" - monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id - monitor_is_disabled = var.monitors_disabled - group_notifications = var.group_notifications - connection_notifications = concat(var.connection_notifications_warning, var.connection_notifications_missingdata) - email_notifications = concat(var.email_notifications_warning, var.email_notifications_missingdata) - queries = { - A = "${var.mongodb_data_source} metric=mongodb_connections_current db_cluster=* db_system=mongodb | sum by db_cluster, host | avg" - B = "${var.mongodb_data_source} metric=mongodb_connections_available db_cluster=* db_system=mongodb | sum by db_cluster, host | avg" - C = "#A*100/#B" - } - triggers = [ - { - threshold_type = "GreaterThanOrEqual", - threshold = 80, - time_range = "5m", - occurrence_type = "Always" - trigger_source = "AnyTimeSeries" - trigger_type = "Warning", - detection_method = "StaticCondition" - }, - { - threshold_type = "LessThan", - threshold = 80, - time_range = "5m", - occurrence_type = "Always" - trigger_source = "AnyTimeSeries" - trigger_type = "ResolvedWarning", - detection_method = "StaticCondition" - }, - { - threshold_type = "LessThanOrEqual", - threshold = 0, - time_range = "5m", - occurrence_type = "MissingData" - trigger_source = "AnyTimeSeries" - trigger_type = "MissingData", - detection_method = "StaticCondition" - }, - { - threshold_type = "GreaterThan", - threshold = 0, - time_range = "5m", - occurrence_type = "MissingData" - trigger_source = "AnyTimeSeries" - trigger_type = "ResolvedMissingData", - detection_method = "StaticCondition" - } - ] -} -module "MongoDB-SecondaryNodeReplicationFailure" { - source = "SumoLogic/sumo-logic-monitor/sumologic" - #version = "{revision}" - monitor_name = "MongoDB - Secondary Node Replication Failure" - monitor_description = "This alert fires when we detect that a MongoDB secondary node is out of sync for replication." 
- monitor_monitor_type = "Logs" - monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id - monitor_is_disabled = var.monitors_disabled - group_notifications = var.group_notifications - connection_notifications = var.connection_notifications_warning - email_notifications = var.email_notifications_warning - queries = { - A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*REPL*\" and msg matches \"*too stale*\"" - } - triggers = [ - { - threshold_type = "GreaterThan", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "Warning", - detection_method = "StaticCondition" - }, - { - threshold_type = "LessThanOrEqual", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "ResolvedWarning", - detection_method = "StaticCondition" - } - ] -} -module "MongoDB-SlowQueries" { - source = "SumoLogic/sumo-logic-monitor/sumologic" - #version = "{revision}" - monitor_name = "MongoDB - Slow Queries" - monitor_description = "This alert fires when we detect that a MongoDB cluster is executing slow queries." 
- monitor_monitor_type = "Logs" - monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id - monitor_is_disabled = var.monitors_disabled - group_notifications = var.group_notifications - connection_notifications = var.connection_notifications_warning - email_notifications = var.email_notifications_warning - queries = { - A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*COMMAND*\" | json field=_raw \"attr.type\" as type | where type matches \"*command*\" | json field=_raw \"attr.command\" as command | replace (command,\"{\",\"\") as command | replace (command,\"}\",\"\") as command | parse regex field=command \"(?[\\w\\-\\.]+):*\" | where db_cmd matches \"*find*\" or db_cmd matches \"*insert*\" or db_cmd matches \"*remove*\" or db_cmd matches \"*delete*\" or db_cmd matches \"*update*\" | json field=_raw \"attr.durationMillis\" as dur | number(dur) | where dur > 100" - } - triggers = [ - { - threshold_type = "GreaterThan", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "Warning", - detection_method = "StaticCondition" - }, - { - threshold_type = "LessThanOrEqual", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "ResolvedWarning", - detection_method = "StaticCondition" - } - ] -} -module "MongoDB-ShardingWarning" { - source = "SumoLogic/sumo-logic-monitor/sumologic" - #version = "{revision}" - monitor_name = "MongoDB - Sharding Warning" - monitor_description = "This alert fires when we detect warnings in MongoDB sharding operations." 
- monitor_monitor_type = "Logs" - monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id - monitor_is_disabled = var.monitors_disabled - group_notifications = var.group_notifications - connection_notifications = var.connection_notifications_warning - email_notifications = var.email_notifications_warning - queries = { - A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*SHARDING*\" and severity = \"W\" " - } - triggers = [ - { - threshold_type = "GreaterThan", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "Warning", - detection_method = "StaticCondition" - }, - { - threshold_type = "LessThanOrEqual", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "ResolvedWarning", - detection_method = "StaticCondition" - } - ] -} -module "MongoDB-ShardingChunkSplitFailure" { - source = "SumoLogic/sumo-logic-monitor/sumologic" - #version = "{revision}" - monitor_name = "MongoDB - Sharding Chunk Split Failure" - monitor_description = "This alert fires when we detect that a MongoDB chunk not been split during sharding." 
- monitor_monitor_type = "Logs" - monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id - monitor_is_disabled = var.monitors_disabled - group_notifications = var.group_notifications - connection_notifications = var.connection_notifications_warning - email_notifications = var.email_notifications_warning - queries = { - A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*SHARDING*\" and severity = \"W\" and msg matches \"*splitChunk failed*\"" - } - triggers = [ - { - threshold_type = "GreaterThan", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "Warning", - detection_method = "StaticCondition" - }, - { - threshold_type = "LessThanOrEqual", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "ResolvedWarning", - detection_method = "StaticCondition" - } - ] -} -module "MongoDB-ShardingError" { - source = "SumoLogic/sumo-logic-monitor/sumologic" - #version = "{revision}" - monitor_name = "MongoDB - Sharding Error" - monitor_description = "This alert fires when we detect errors in MongoDB sharding operations." 
- monitor_monitor_type = "Logs" - monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id - monitor_is_disabled = var.monitors_disabled - group_notifications = var.group_notifications - connection_notifications = var.connection_notifications_critical - email_notifications = var.email_notifications_critical - queries = { - A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*SHARDING*\" and severity = \"E\" " - } - triggers = [ - { - threshold_type = "GreaterThan", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "Critical", - detection_method = "StaticCondition" - }, - { - threshold_type = "LessThanOrEqual", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "ResolvedCritical", - detection_method = "StaticCondition" - } - ] -} -module "MongoDB-ReplicationError" { - source = "SumoLogic/sumo-logic-monitor/sumologic" - #version = "{revision}" - monitor_name = "MongoDB - Replication Error" - monitor_description = "This alert fires when we detect errors in MongoDB replication operations." 
- monitor_monitor_type = "Logs" - monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id - monitor_is_disabled = var.monitors_disabled - group_notifications = var.group_notifications - connection_notifications = var.connection_notifications_warning - email_notifications = var.email_notifications_warning - queries = { - A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where severity = \"E\" and component matches \"*REPL*\" " - } - triggers = [ - { - threshold_type = "GreaterThan", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "Warning", - detection_method = "StaticCondition" - }, - { - threshold_type = "LessThanOrEqual", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "ResolvedWarning", - detection_method = "StaticCondition" - } - ] -} -module "MongoDB-ShardingBalancerFailure" { - source = "SumoLogic/sumo-logic-monitor/sumologic" - #version = "{revision}" - monitor_name = "MongoDB - Sharding Balancer Failure" - monitor_description = "This alert fires when we detect that data balancing failed on a MongoDB Cluster with 1 mongos instance and 3 mongod instances." 
- monitor_monitor_type = "Logs" - monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id - monitor_is_disabled = var.monitors_disabled - group_notifications = var.group_notifications - connection_notifications = var.connection_notifications_warning - email_notifications = var.email_notifications_warning - queries = { - A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where severity not in (\"W\", \"E\") and context matches \"*Balancer*\"" - } - triggers = [ - { - threshold_type = "GreaterThan", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "Warning", - detection_method = "StaticCondition" - }, - { - threshold_type = "LessThanOrEqual", - threshold = 0, - time_range = "5m", - occurrence_type = "ResultCount" - trigger_source = "AllResults" - trigger_type = "ResolvedWarning", - detection_method = "StaticCondition" - } - ] -} \ No newline at end of file +# module "MongoDB-ReplicationLag" { +# source = "SumoLogic/sumo-logic-monitor/sumologic" +# #version = "{revision}" +# monitor_name = "MongoDB - Replication Lag" +# monitor_description = "This alert fires when we detect that the replica lag for a given MongoDB cluster is greater than 60 seconds. Please review the replication configuration." 
+# monitor_monitor_type = "Metrics" +# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id +# monitor_is_disabled = var.monitors_disabled +# group_notifications = var.group_notifications +# connection_notifications = var.connection_notifications_warning +# email_notifications = var.email_notifications_warning +# queries = { +# A = "${var.mongodb_data_source} db_system=mongodb db_cluster=* metric=mongodb_repl_lag " +# } +# triggers = [ +# { +# threshold_type = "GreaterThan", +# threshold = 60, +# time_range = "5m", +# occurrence_type = "Always" +# trigger_source = "AnyTimeSeries" +# trigger_type = "Warning", +# detection_method = "StaticCondition" +# }, +# { +# threshold_type = "LessThanOrEqual", +# threshold = 60, +# time_range = "5m", +# occurrence_type = "Always" +# trigger_source = "AnyTimeSeries" +# trigger_type = "ResolvedWarning", +# detection_method = "StaticCondition" +# } +# ] +# } +# module "MongoDB-ReplicationHeartbeatError" { +# source = "SumoLogic/sumo-logic-monitor/sumologic" +# #version = "{revision}" +# monitor_name = "MongoDB - Replication Heartbeat Error" +# monitor_description = "This alert fires when we detect that the MongoDB Replication Heartbeat request has errors, which indicates replication is not working as expected." 
+# monitor_monitor_type = "Logs" +# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id +# monitor_is_disabled = var.monitors_disabled +# group_notifications = var.group_notifications +# connection_notifications = var.connection_notifications_warning +# email_notifications = var.email_notifications_warning +# queries = { +# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*REPL*\" | json field=_raw \"attr.heartbeatMessage\" as heartbeatMessage | where heartbeatMessage matches \"Error*\"" +# } +# triggers = [ +# { +# threshold_type = "GreaterThan", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "Warning", +# detection_method = "StaticCondition" +# }, +# { +# threshold_type = "LessThanOrEqual", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "ResolvedWarning", +# detection_method = "StaticCondition" +# } +# ] +# } +# module "MongoDB-TooManyConnections" { +# source = "SumoLogic/sumo-logic-monitor/sumologic" +# #version = "{revision}" +# monitor_name = "MongoDB - Too Many Connections" +# monitor_description = "This alert fires when we detect a given MongoDB server has too many connections (over 80% of capacity)." 
+# monitor_monitor_type = "Metrics" +# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id +# monitor_is_disabled = var.monitors_disabled +# group_notifications = var.group_notifications +# connection_notifications = concat(var.connection_notifications_warning, var.connection_notifications_missingdata) +# email_notifications = concat(var.email_notifications_warning, var.email_notifications_missingdata) +# queries = { +# A = "${var.mongodb_data_source} metric=mongodb_connections_current db_cluster=* db_system=mongodb | sum by db_cluster, host | avg" +# B = "${var.mongodb_data_source} metric=mongodb_connections_available db_cluster=* db_system=mongodb | sum by db_cluster, host | avg" +# C = "#A*100/#B" +# } +# triggers = [ +# { +# threshold_type = "GreaterThanOrEqual", +# threshold = 80, +# time_range = "5m", +# occurrence_type = "Always" +# trigger_source = "AnyTimeSeries" +# trigger_type = "Warning", +# detection_method = "StaticCondition" +# }, +# { +# threshold_type = "LessThan", +# threshold = 80, +# time_range = "5m", +# occurrence_type = "Always" +# trigger_source = "AnyTimeSeries" +# trigger_type = "ResolvedWarning", +# detection_method = "StaticCondition" +# }, +# { +# threshold_type = "LessThanOrEqual", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "MissingData" +# trigger_source = "AnyTimeSeries" +# trigger_type = "MissingData", +# detection_method = "StaticCondition" +# }, +# { +# threshold_type = "GreaterThan", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "MissingData" +# trigger_source = "AnyTimeSeries" +# trigger_type = "ResolvedMissingData", +# detection_method = "StaticCondition" +# } +# ] +# } +# module "MongoDB-SecondaryNodeReplicationFailure" { +# source = "SumoLogic/sumo-logic-monitor/sumologic" +# #version = "{revision}" +# monitor_name = "MongoDB - Secondary Node Replication Failure" +# monitor_description = "This alert fires when we detect that a MongoDB secondary node is out of sync for 
replication." +# monitor_monitor_type = "Logs" +# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id +# monitor_is_disabled = var.monitors_disabled +# group_notifications = var.group_notifications +# connection_notifications = var.connection_notifications_warning +# email_notifications = var.email_notifications_warning +# queries = { +# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*REPL*\" and msg matches \"*too stale*\"" +# } +# triggers = [ +# { +# threshold_type = "GreaterThan", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "Warning", +# detection_method = "StaticCondition" +# }, +# { +# threshold_type = "LessThanOrEqual", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "ResolvedWarning", +# detection_method = "StaticCondition" +# } +# ] +# } +# module "MongoDB-SlowQueries" { +# source = "SumoLogic/sumo-logic-monitor/sumologic" +# #version = "{revision}" +# monitor_name = "MongoDB - Slow Queries" +# monitor_description = "This alert fires when we detect that a MongoDB cluster is executing slow queries." 
+# monitor_monitor_type = "Logs" +# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id +# monitor_is_disabled = var.monitors_disabled +# group_notifications = var.group_notifications +# connection_notifications = var.connection_notifications_warning +# email_notifications = var.email_notifications_warning +# queries = { +# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*COMMAND*\" | json field=_raw \"attr.type\" as type | where type matches \"*command*\" | json field=_raw \"attr.command\" as command | replace (command,\"{\",\"\") as command | replace (command,\"}\",\"\") as command | parse regex field=command \"(?[\\w\\-\\.]+):*\" | where db_cmd matches \"*find*\" or db_cmd matches \"*insert*\" or db_cmd matches \"*remove*\" or db_cmd matches \"*delete*\" or db_cmd matches \"*update*\" | json field=_raw \"attr.durationMillis\" as dur | number(dur) | where dur > 100" +# } +# triggers = [ +# { +# threshold_type = "GreaterThan", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "Warning", +# detection_method = "StaticCondition" +# }, +# { +# threshold_type = "LessThanOrEqual", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "ResolvedWarning", +# detection_method = "StaticCondition" +# } +# ] +# } +# module "MongoDB-ShardingWarning" { +# source = "SumoLogic/sumo-logic-monitor/sumologic" +# #version = "{revision}" +# monitor_name = "MongoDB - Sharding Warning" +# monitor_description = "This alert fires when we detect warnings in MongoDB sharding operations." 
+# monitor_monitor_type = "Logs" +# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id +# monitor_is_disabled = var.monitors_disabled +# group_notifications = var.group_notifications +# connection_notifications = var.connection_notifications_warning +# email_notifications = var.email_notifications_warning +# queries = { +# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*SHARDING*\" and severity = \"W\" " +# } +# triggers = [ +# { +# threshold_type = "GreaterThan", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "Warning", +# detection_method = "StaticCondition" +# }, +# { +# threshold_type = "LessThanOrEqual", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "ResolvedWarning", +# detection_method = "StaticCondition" +# } +# ] +# } +# module "MongoDB-ShardingChunkSplitFailure" { +# source = "SumoLogic/sumo-logic-monitor/sumologic" +# #version = "{revision}" +# monitor_name = "MongoDB - Sharding Chunk Split Failure" +# monitor_description = "This alert fires when we detect that a MongoDB chunk not been split during sharding." 
+# monitor_monitor_type = "Logs" +# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id +# monitor_is_disabled = var.monitors_disabled +# group_notifications = var.group_notifications +# connection_notifications = var.connection_notifications_warning +# email_notifications = var.email_notifications_warning +# queries = { +# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*SHARDING*\" and severity = \"W\" and msg matches \"*splitChunk failed*\"" +# } +# triggers = [ +# { +# threshold_type = "GreaterThan", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "Warning", +# detection_method = "StaticCondition" +# }, +# { +# threshold_type = "LessThanOrEqual", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "ResolvedWarning", +# detection_method = "StaticCondition" +# } +# ] +# } +# module "MongoDB-ShardingError" { +# source = "SumoLogic/sumo-logic-monitor/sumologic" +# #version = "{revision}" +# monitor_name = "MongoDB - Sharding Error" +# monitor_description = "This alert fires when we detect errors in MongoDB sharding operations." 
+# monitor_monitor_type = "Logs" +# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id +# monitor_is_disabled = var.monitors_disabled +# group_notifications = var.group_notifications +# connection_notifications = var.connection_notifications_critical +# email_notifications = var.email_notifications_critical +# queries = { +# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*SHARDING*\" and severity = \"E\" " +# } +# triggers = [ +# { +# threshold_type = "GreaterThan", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "Critical", +# detection_method = "StaticCondition" +# }, +# { +# threshold_type = "LessThanOrEqual", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "ResolvedCritical", +# detection_method = "StaticCondition" +# } +# ] +# } +# module "MongoDB-ReplicationError" { +# source = "SumoLogic/sumo-logic-monitor/sumologic" +# #version = "{revision}" +# monitor_name = "MongoDB - Replication Error" +# monitor_description = "This alert fires when we detect errors in MongoDB replication operations." 
+# monitor_monitor_type = "Logs" +# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id +# monitor_is_disabled = var.monitors_disabled +# group_notifications = var.group_notifications +# connection_notifications = var.connection_notifications_warning +# email_notifications = var.email_notifications_warning +# queries = { +# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where severity = \"E\" and component matches \"*REPL*\" " +# } +# triggers = [ +# { +# threshold_type = "GreaterThan", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "Warning", +# detection_method = "StaticCondition" +# }, +# { +# threshold_type = "LessThanOrEqual", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "ResolvedWarning", +# detection_method = "StaticCondition" +# } +# ] +# } +# module "MongoDB-ShardingBalancerFailure" { +# source = "SumoLogic/sumo-logic-monitor/sumologic" +# #version = "{revision}" +# monitor_name = "MongoDB - Sharding Balancer Failure" +# monitor_description = "This alert fires when we detect that data balancing failed on a MongoDB Cluster with 1 mongos instance and 3 mongod instances." 
+# monitor_monitor_type = "Logs" +# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id +# monitor_is_disabled = var.monitors_disabled +# group_notifications = var.group_notifications +# connection_notifications = var.connection_notifications_warning +# email_notifications = var.email_notifications_warning +# queries = { +# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where severity not in (\"W\", \"E\") and context matches \"*Balancer*\"" +# } +# triggers = [ +# { +# threshold_type = "GreaterThan", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "Warning", +# detection_method = "StaticCondition" +# }, +# { +# threshold_type = "LessThanOrEqual", +# threshold = 0, +# time_range = "5m", +# occurrence_type = "ResultCount" +# trigger_source = "AllResults" +# trigger_type = "ResolvedWarning", +# detection_method = "StaticCondition" +# } +# ] +# } \ No newline at end of file diff --git a/monitor_packages/MongoDB/versions.tf b/monitor_packages/MongoDB/versions.tf index de2227b..35d5918 100644 --- a/monitor_packages/MongoDB/versions.tf +++ b/monitor_packages/MongoDB/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/Oracle/versions.tf b/monitor_packages/Oracle/versions.tf index 438d169..8dc4f77 100644 --- a/monitor_packages/Oracle/versions.tf +++ b/monitor_packages/Oracle/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } 
diff --git a/monitor_packages/RabbitMQ/versions.tf b/monitor_packages/RabbitMQ/versions.tf index 8ce5bd5..c8703b1 100644 --- a/monitor_packages/RabbitMQ/versions.tf +++ b/monitor_packages/RabbitMQ/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/SQLServer/versions.tf b/monitor_packages/SQLServer/versions.tf index 4773d56..9c6a206 100644 --- a/monitor_packages/SQLServer/versions.tf +++ b/monitor_packages/SQLServer/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/SquidProxy/versions.tf b/monitor_packages/SquidProxy/versions.tf index 438d169..8dc4f77 100644 --- a/monitor_packages/SquidProxy/versions.tf +++ b/monitor_packages/SquidProxy/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/Varnish/versions.tf b/monitor_packages/Varnish/versions.tf index 438d169..8dc4f77 100644 --- a/monitor_packages/Varnish/versions.tf +++ b/monitor_packages/Varnish/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/apache/versions.tf b/monitor_packages/apache/versions.tf index de2227b..35d5918 100644 --- a/monitor_packages/apache/versions.tf +++ b/monitor_packages/apache/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/haproxy/versions.tf b/monitor_packages/haproxy/versions.tf index 438d169..8dc4f77 100644 --- a/monitor_packages/haproxy/versions.tf +++ b/monitor_packages/haproxy/versions.tf 
@@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/host_process_metrics/versions.tf b/monitor_packages/host_process_metrics/versions.tf index 34e2c69..4c6b36a 100644 --- a/monitor_packages/host_process_metrics/versions.tf +++ b/monitor_packages/host_process_metrics/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/http_response/versions.tf b/monitor_packages/http_response/versions.tf index de2227b..35d5918 100644 --- a/monitor_packages/http_response/versions.tf +++ b/monitor_packages/http_response/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/kubernetes/versions.tf b/monitor_packages/kubernetes/versions.tf index de2227b..35d5918 100644 --- a/monitor_packages/kubernetes/versions.tf +++ b/monitor_packages/kubernetes/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/mysql/versions.tf b/monitor_packages/mysql/versions.tf index de2227b..35d5918 100644 --- a/monitor_packages/mysql/versions.tf +++ b/monitor_packages/mysql/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/nginx-ingress/versions.tf b/monitor_packages/nginx-ingress/versions.tf index 438d169..8dc4f77 100644 --- a/monitor_packages/nginx-ingress/versions.tf +++ b/monitor_packages/nginx-ingress/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } 
diff --git a/monitor_packages/nginx-plus-ingress/versions.tf b/monitor_packages/nginx-plus-ingress/versions.tf index de2227b..35d5918 100644 --- a/monitor_packages/nginx-plus-ingress/versions.tf +++ b/monitor_packages/nginx-plus-ingress/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/nginx-plus/versions.tf b/monitor_packages/nginx-plus/versions.tf index de2227b..35d5918 100644 --- a/monitor_packages/nginx-plus/versions.tf +++ b/monitor_packages/nginx-plus/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/nginx/versions.tf b/monitor_packages/nginx/versions.tf index 438d169..8dc4f77 100644 --- a/monitor_packages/nginx/versions.tf +++ b/monitor_packages/nginx/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/postgresql/versions.tf b/monitor_packages/postgresql/versions.tf index de2227b..35d5918 100644 --- a/monitor_packages/postgresql/versions.tf +++ b/monitor_packages/postgresql/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } diff --git a/monitor_packages/redis/versions.tf b/monitor_packages/redis/versions.tf index de2227b..35d5918 100644 --- a/monitor_packages/redis/versions.tf +++ b/monitor_packages/redis/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { sumologic = { - version = "~> 2.6.2" + version = "~> 2.18.0" source = "SumoLogic/sumologic" } } From f0e060433c8b758ada9ce223e443d3c5ae8719d8 Mon Sep 17 00:00:00 2001 
From: Himanshu Sharma Date: Mon, 19 Dec 2022 13:43:27 +0530 Subject: [PATCH 2/2] uncommenting mongoDB monitors --- monitor_packages/MongoDB/MongoDB.tf | 986 ++++++++++++++-------------- 1 file changed, 493 insertions(+), 493 deletions(-) diff --git a/monitor_packages/MongoDB/MongoDB.tf b/monitor_packages/MongoDB/MongoDB.tf index b93b2a0..b6d9baf 100644 --- a/monitor_packages/MongoDB/MongoDB.tf +++ b/monitor_packages/MongoDB/MongoDB.tf 
@@ -1,126 +1,126 @@
-# module "MongoDB-TooManyCursorsTimeouts" {
-# source = "SumoLogic/sumo-logic-monitor/sumologic"
-# #version = "{revision}"
-# monitor_name = "MongoDB - Too Many Cursors Timeouts"
-# monitor_description = "This alert fires when we detect that there are too many cursors (100) timing out on a MongoDB server within a 5 minute time interval."
-# monitor_monitor_type = "Metrics"
-# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
-# monitor_is_disabled = var.monitors_disabled
-# group_notifications = var.group_notifications
-# connection_notifications = var.connection_notifications_warning
-# email_notifications = var.email_notifications_warning
-# queries = {
-# A = "${var.mongodb_data_source} metric=mongodb_cursor_timed_out db_system=mongodb db_cluster=* | sum by db_cluster, host | rate increasing"
-# }
-# triggers = [
-# {
-# threshold_type = "GreaterThanOrEqual",
-# threshold = 100,
-# time_range = "5m",
-# occurrence_type = "Always"
-# trigger_source = "AnyTimeSeries"
-# trigger_type = "Warning",
-# detection_method = "StaticCondition"
-# },
-# {
-# threshold_type = "LessThan",
-# threshold = 100,
-# time_range = "5m",
-# occurrence_type = "Always"
-# trigger_source = "AnyTimeSeries"
-# trigger_type = "ResolvedWarning",
-# detection_method = "StaticCondition"
-# }
-# ]
-# }
-# module "MongoDB-TooManyCursorsOpen" {
-# source = "SumoLogic/sumo-logic-monitor/sumologic"
-# #version = "{revision}"
-# monitor_name = "MongoDB - Too Many Cursors Open"
-# monitor_description = "This alert fires when we detect that there are too many cursors (>10K) opened by MongoDB."
-# monitor_monitor_type = "Metrics"
-# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
-# monitor_is_disabled = var.monitors_disabled
-# group_notifications = var.group_notifications
-# connection_notifications = concat(var.connection_notifications_warning, var.connection_notifications_missingdata)
-# email_notifications = concat(var.email_notifications_warning, var.email_notifications_missingdata)
-# queries = {
-# A = "${var.mongodb_data_source} metric=mongodb_cursor_total_count db_system=mongodb db_cluster=* | sum by host, db_cluster"
-# }
-# triggers = [
-# {
-# threshold_type = "GreaterThanOrEqual",
-# threshold = 10000,
-# time_range = "5m",
-# occurrence_type = "Always"
-# trigger_source = "AnyTimeSeries"
-# trigger_type = "Warning",
-# detection_method = "StaticCondition"
-# },
-# {
-# threshold_type = "LessThan",
-# threshold = 10000,
-# time_range = "5m",
-# occurrence_type = "Always"
-# trigger_source = "AnyTimeSeries"
-# trigger_type = "ResolvedWarning",
-# detection_method = "StaticCondition"
-# },
-# {
-# threshold_type = "LessThanOrEqual",
-# threshold = 0,
-# time_range = "5m",
-# occurrence_type = "MissingData"
-# trigger_source = "AnyTimeSeries"
-# trigger_type = "MissingData",
-# detection_method = "StaticCondition"
-# },
-# {
-# threshold_type = "GreaterThan",
-# threshold = 0,
-# time_range = "5m",
-# occurrence_type = "MissingData"
-# trigger_source = "AnyTimeSeries"
-# trigger_type = "ResolvedMissingData",
-# detection_method = "StaticCondition"
-# }
-# ]
-# }
-# module "MongoDB-MissingPrimary" {
-# source = "SumoLogic/sumo-logic-monitor/sumologic"
-# #version = "{revision}"
-# monitor_name = "MongoDB - Missing Primary"
-# monitor_description = "This alert fires when we detect that a MongoDB cluster has no node marked as primary."
-# monitor_monitor_type = "Metrics"
-# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
-# monitor_is_disabled = var.monitors_disabled
-# group_notifications = var.group_notifications
-# connection_notifications = var.connection_notifications_critical
-# email_notifications = var.email_notifications_critical
-# queries = {
-# A = "${var.mongodb_data_source} db_system=mongodb db_cluster=* metric=mongodb_repl_queries node_type=pri | count by db_cluster"
-# }
-# triggers = [
-# {
-# threshold_type = "LessThanOrEqual",
-# threshold = 0,
-# time_range = "5m",
-# occurrence_type = "Always"
-# trigger_source = "AnyTimeSeries"
-# trigger_type = "Critical",
-# detection_method = "StaticCondition"
-# },
-# {
-# threshold_type = "GreaterThan",
-# threshold = 0,
-# time_range = "5m",
-# occurrence_type = "Always"
-# trigger_source = "AnyTimeSeries"
-# trigger_type = "ResolvedCritical",
-# detection_method = "StaticCondition"
-# }
-# ]
-# }
+module "MongoDB-TooManyCursorsTimeouts" {
+ source = "SumoLogic/sumo-logic-monitor/sumologic"
+ #version = "{revision}"
+ monitor_name = "MongoDB - Too Many Cursors Timeouts"
+ monitor_description = "This alert fires when we detect that there are too many cursors (100) timing out on a MongoDB server within a 5 minute time interval."
+ monitor_monitor_type = "Metrics"
+ monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
+ monitor_is_disabled = var.monitors_disabled
+ group_notifications = var.group_notifications
+ connection_notifications = var.connection_notifications_warning
+ email_notifications = var.email_notifications_warning
+ queries = {
+ A = "${var.mongodb_data_source} metric=mongodb_cursor_timed_out db_system=mongodb db_cluster=* | sum by db_cluster, host | rate increasing"
+ }
+ triggers = [
+ {
+ threshold_type = "GreaterThanOrEqual",
+ threshold = 100,
+ time_range = "5m",
+ occurrence_type = "Always"
+ trigger_source = "AnyTimeSeries"
+ trigger_type = "Warning",
+ detection_method = "StaticCondition"
+ },
+ {
+ threshold_type = "LessThan",
+ threshold = 100,
+ time_range = "5m",
+ occurrence_type = "Always"
+ trigger_source = "AnyTimeSeries"
+ trigger_type = "ResolvedWarning",
+ detection_method = "StaticCondition"
+ }
+ ]
+}
+module "MongoDB-TooManyCursorsOpen" {
+ source = "SumoLogic/sumo-logic-monitor/sumologic"
+ #version = "{revision}"
+ monitor_name = "MongoDB - Too Many Cursors Open"
+ monitor_description = "This alert fires when we detect that there are too many cursors (>10K) opened by MongoDB."
+ monitor_monitor_type = "Metrics"
+ monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
+ monitor_is_disabled = var.monitors_disabled
+ group_notifications = var.group_notifications
+ connection_notifications = concat(var.connection_notifications_warning, var.connection_notifications_missingdata)
+ email_notifications = concat(var.email_notifications_warning, var.email_notifications_missingdata)
+ queries = {
+ A = "${var.mongodb_data_source} metric=mongodb_cursor_total_count db_system=mongodb db_cluster=* | sum by host, db_cluster"
+ }
+ triggers = [
+ {
+ threshold_type = "GreaterThanOrEqual",
+ threshold = 10000,
+ time_range = "5m",
+ occurrence_type = "Always"
+ trigger_source = "AnyTimeSeries"
+ trigger_type = "Warning",
+ detection_method = "StaticCondition"
+ },
+ {
+ threshold_type = "LessThan",
+ threshold = 10000,
+ time_range = "5m",
+ occurrence_type = "Always"
+ trigger_source = "AnyTimeSeries"
+ trigger_type = "ResolvedWarning",
+ detection_method = "StaticCondition"
+ },
+ {
+ threshold_type = "LessThanOrEqual",
+ threshold = 0,
+ time_range = "5m",
+ occurrence_type = "MissingData"
+ trigger_source = "AnyTimeSeries"
+ trigger_type = "MissingData",
+ detection_method = "StaticCondition"
+ },
+ {
+ threshold_type = "GreaterThan",
+ threshold = 0,
+ time_range = "5m",
+ occurrence_type = "MissingData"
+ trigger_source = "AnyTimeSeries"
+ trigger_type = "ResolvedMissingData",
+ detection_method = "StaticCondition"
+ }
+ ]
+}
+module "MongoDB-MissingPrimary" {
+ source = "SumoLogic/sumo-logic-monitor/sumologic"
+ #version = "{revision}"
+ monitor_name = "MongoDB - Missing Primary"
+ monitor_description = "This alert fires when we detect that a MongoDB cluster has no node marked as primary."
+ monitor_monitor_type = "Metrics"
+ monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
+ monitor_is_disabled = var.monitors_disabled
+ group_notifications = var.group_notifications
+ connection_notifications = var.connection_notifications_critical
+ email_notifications = var.email_notifications_critical
+ queries = {
+ A = "${var.mongodb_data_source} db_system=mongodb db_cluster=* metric=mongodb_repl_queries node_type=pri | count by db_cluster"
+ }
+ triggers = [
+ {
+ threshold_type = "LessThanOrEqual",
+ threshold = 0,
+ time_range = "5m",
+ occurrence_type = "Always"
+ trigger_source = "AnyTimeSeries"
+ trigger_type = "Critical",
+ detection_method = "StaticCondition"
+ },
+ {
+ threshold_type = "GreaterThan",
+ threshold = 0,
+ time_range = "5m",
+ occurrence_type = "Always"
+ trigger_source = "AnyTimeSeries"
+ trigger_type = "ResolvedCritical",
+ detection_method = "StaticCondition"
+ }
+ ]
+}
 module "MongoDB-InstanceDown" {
 source = "../../"
 #version = "{revision}"
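Review bot: The three modules enabled in this hunk (`MongoDB-TooManyCursorsTimeouts`, `MongoDB-TooManyCursorsOpen`, `MongoDB-MissingPrimary`) load `source = "SumoLogic/sumo-logic-monitor/sumologic"` from the registry while `#version = "{revision}"` stays commented out, so `terraform init` resolves whichever release is newest at that moment and nothing in the package records which module code creates these monitors. The `MongoDB-InstanceDown` block in the trailing context uses `source = "../../"` instead, so the registry copy may also lack the `trigger_conditions` change made to `main.tf` in patch 1/2; that is worth confirming before these monitors are relied on for alerting. Either point these blocks at `source = "../../"` like InstanceDown, or keep the registry source and add a pinned constraint such as `version = "<pinned-module-release>"` (placeholder, to be filled with the release you have reviewed). The same applies to the modules uncommented in the `@@ -156,373 +156,373 @@` hunk, which continues past the visible part of the page.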
@@ -156,373 +156,373 @@ module "MongoDB-InstanceDown" {
 }
 ]
 }
-# module "MongoDB-ReplicationLag" {
-# source = "SumoLogic/sumo-logic-monitor/sumologic"
-# #version = "{revision}"
-# monitor_name = "MongoDB - Replication Lag"
-# monitor_description = "This alert fires when we detect that the replica lag for a given MongoDB cluster is greater than 60 seconds. Please review the replication configuration."
-# monitor_monitor_type = "Metrics"
-# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
-# monitor_is_disabled = var.monitors_disabled
-# group_notifications = var.group_notifications
-# connection_notifications = var.connection_notifications_warning
-# email_notifications = var.email_notifications_warning
-# queries = {
-# A = "${var.mongodb_data_source} db_system=mongodb db_cluster=* metric=mongodb_repl_lag "
-# }
-# triggers = [
-# {
-# threshold_type = "GreaterThan",
-# threshold = 60,
-# time_range = "5m",
-# occurrence_type = "Always"
-# trigger_source = "AnyTimeSeries"
-# trigger_type = "Warning",
-# detection_method = "StaticCondition"
-# },
-# {
-# threshold_type = "LessThanOrEqual",
-# threshold = 60,
-# time_range = "5m",
-# occurrence_type = "Always"
-# trigger_source = "AnyTimeSeries"
-# trigger_type = "ResolvedWarning",
-# detection_method = "StaticCondition"
-# }
-# ]
-# }
-# module "MongoDB-ReplicationHeartbeatError" {
-# source = "SumoLogic/sumo-logic-monitor/sumologic"
-# #version = "{revision}"
-# monitor_name = "MongoDB - Replication Heartbeat Error"
-# monitor_description = "This alert fires when we detect that the MongoDB Replication Heartbeat request has errors, which indicates replication is not working as expected."
-# monitor_monitor_type = "Logs"
-# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
-# monitor_is_disabled = var.monitors_disabled
-# group_notifications = var.group_notifications
-# connection_notifications = var.connection_notifications_warning
-# email_notifications = var.email_notifications_warning
-# queries = {
-# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*REPL*\" | json field=_raw \"attr.heartbeatMessage\" as heartbeatMessage | where heartbeatMessage matches \"Error*\""
-# }
-# triggers = [
-# {
-# threshold_type = "GreaterThan",
-# threshold = 0,
-# time_range = "5m",
-# occurrence_type = "ResultCount"
-# trigger_source = "AllResults"
-# trigger_type = "Warning",
-# detection_method = "StaticCondition"
-# },
-# {
-# threshold_type = "LessThanOrEqual",
-# threshold = 0,
-# time_range = "5m",
-# occurrence_type = "ResultCount"
-# trigger_source = "AllResults"
-# trigger_type = "ResolvedWarning",
-# detection_method = "StaticCondition"
-# }
-# ]
-# }
-# module "MongoDB-TooManyConnections" {
-# source = "SumoLogic/sumo-logic-monitor/sumologic"
-# #version = "{revision}"
-# monitor_name = "MongoDB - Too Many Connections"
-# monitor_description = "This alert fires when we detect a given MongoDB server has too many connections (over 80% of capacity)."
-# monitor_monitor_type = "Metrics" -# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id -# monitor_is_disabled = var.monitors_disabled -# group_notifications = var.group_notifications -# connection_notifications = concat(var.connection_notifications_warning, var.connection_notifications_missingdata) -# email_notifications = concat(var.email_notifications_warning, var.email_notifications_missingdata) -# queries = { -# A = "${var.mongodb_data_source} metric=mongodb_connections_current db_cluster=* db_system=mongodb | sum by db_cluster, host | avg" -# B = "${var.mongodb_data_source} metric=mongodb_connections_available db_cluster=* db_system=mongodb | sum by db_cluster, host | avg" -# C = "#A*100/#B" -# } -# triggers = [ -# { -# threshold_type = "GreaterThanOrEqual", -# threshold = 80, -# time_range = "5m", -# occurrence_type = "Always" -# trigger_source = "AnyTimeSeries" -# trigger_type = "Warning", -# detection_method = "StaticCondition" -# }, -# { -# threshold_type = "LessThan", -# threshold = 80, -# time_range = "5m", -# occurrence_type = "Always" -# trigger_source = "AnyTimeSeries" -# trigger_type = "ResolvedWarning", -# detection_method = "StaticCondition" -# }, -# { -# threshold_type = "LessThanOrEqual", -# threshold = 0, -# time_range = "5m", -# occurrence_type = "MissingData" -# trigger_source = "AnyTimeSeries" -# trigger_type = "MissingData", -# detection_method = "StaticCondition" -# }, -# { -# threshold_type = "GreaterThan", -# threshold = 0, -# time_range = "5m", -# occurrence_type = "MissingData" -# trigger_source = "AnyTimeSeries" -# trigger_type = "ResolvedMissingData", -# detection_method = "StaticCondition" -# } -# ] -# } -# module "MongoDB-SecondaryNodeReplicationFailure" { -# source = "SumoLogic/sumo-logic-monitor/sumologic" -# #version = "{revision}" -# monitor_name = "MongoDB - Secondary Node Replication Failure" -# monitor_description = "This alert fires when we detect that a MongoDB secondary node is out of sync for 
replication." -# monitor_monitor_type = "Logs" -# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id -# monitor_is_disabled = var.monitors_disabled -# group_notifications = var.group_notifications -# connection_notifications = var.connection_notifications_warning -# email_notifications = var.email_notifications_warning -# queries = { -# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*REPL*\" and msg matches \"*too stale*\"" -# } -# triggers = [ -# { -# threshold_type = "GreaterThan", -# threshold = 0, -# time_range = "5m", -# occurrence_type = "ResultCount" -# trigger_source = "AllResults" -# trigger_type = "Warning", -# detection_method = "StaticCondition" -# }, -# { -# threshold_type = "LessThanOrEqual", -# threshold = 0, -# time_range = "5m", -# occurrence_type = "ResultCount" -# trigger_source = "AllResults" -# trigger_type = "ResolvedWarning", -# detection_method = "StaticCondition" -# } -# ] -# } -# module "MongoDB-SlowQueries" { -# source = "SumoLogic/sumo-logic-monitor/sumologic" -# #version = "{revision}" -# monitor_name = "MongoDB - Slow Queries" -# monitor_description = "This alert fires when we detect that a MongoDB cluster is executing slow queries." 
-# monitor_monitor_type = "Logs"
-# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
-# monitor_is_disabled = var.monitors_disabled
-# group_notifications = var.group_notifications
-# connection_notifications = var.connection_notifications_warning
-# email_notifications = var.email_notifications_warning
-# queries = {
-# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*COMMAND*\" | json field=_raw \"attr.type\" as type | where type matches \"*command*\" | json field=_raw \"attr.command\" as command | replace (command,\"{\",\"\") as command | replace (command,\"}\",\"\") as command | parse regex field=command \"(?[\\w\\-\\.]+):*\" | where db_cmd matches \"*find*\" or db_cmd matches \"*insert*\" or db_cmd matches \"*remove*\" or db_cmd matches \"*delete*\" or db_cmd matches \"*update*\" | json field=_raw \"attr.durationMillis\" as dur | number(dur) | where dur > 100"
-# }
-# triggers = [
-# {
-# threshold_type = "GreaterThan",
-# threshold = 0,
-# time_range = "5m",
-# occurrence_type = "ResultCount"
-# trigger_source = "AllResults"
-# trigger_type = "Warning",
-# detection_method = "StaticCondition"
-# },
-# {
-# threshold_type = "LessThanOrEqual",
-# threshold = 0,
-# time_range = "5m",
-# occurrence_type = "ResultCount"
-# trigger_source = "AllResults"
-# trigger_type = "ResolvedWarning",
-# detection_method = "StaticCondition"
-# }
-# ]
-# }
-# module "MongoDB-ShardingWarning" {
-# source = "SumoLogic/sumo-logic-monitor/sumologic"
-# #version = "{revision}"
-# monitor_name = "MongoDB - Sharding Warning"
-# monitor_description = "This alert fires when we detect warnings in MongoDB sharding operations."
-# monitor_monitor_type = "Logs" -# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id -# monitor_is_disabled = var.monitors_disabled -# group_notifications = var.group_notifications -# connection_notifications = var.connection_notifications_warning -# email_notifications = var.email_notifications_warning -# queries = { -# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*SHARDING*\" and severity = \"W\" " -# } -# triggers = [ -# { -# threshold_type = "GreaterThan", -# threshold = 0, -# time_range = "5m", -# occurrence_type = "ResultCount" -# trigger_source = "AllResults" -# trigger_type = "Warning", -# detection_method = "StaticCondition" -# }, -# { -# threshold_type = "LessThanOrEqual", -# threshold = 0, -# time_range = "5m", -# occurrence_type = "ResultCount" -# trigger_source = "AllResults" -# trigger_type = "ResolvedWarning", -# detection_method = "StaticCondition" -# } -# ] -# } -# module "MongoDB-ShardingChunkSplitFailure" { -# source = "SumoLogic/sumo-logic-monitor/sumologic" -# #version = "{revision}" -# monitor_name = "MongoDB - Sharding Chunk Split Failure" -# monitor_description = "This alert fires when we detect that a MongoDB chunk not been split during sharding." 
-# monitor_monitor_type = "Logs" -# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id -# monitor_is_disabled = var.monitors_disabled -# group_notifications = var.group_notifications -# connection_notifications = var.connection_notifications_warning -# email_notifications = var.email_notifications_warning -# queries = { -# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*SHARDING*\" and severity = \"W\" and msg matches \"*splitChunk failed*\"" -# } -# triggers = [ -# { -# threshold_type = "GreaterThan", -# threshold = 0, -# time_range = "5m", -# occurrence_type = "ResultCount" -# trigger_source = "AllResults" -# trigger_type = "Warning", -# detection_method = "StaticCondition" -# }, -# { -# threshold_type = "LessThanOrEqual", -# threshold = 0, -# time_range = "5m", -# occurrence_type = "ResultCount" -# trigger_source = "AllResults" -# trigger_type = "ResolvedWarning", -# detection_method = "StaticCondition" -# } -# ] -# } -# module "MongoDB-ShardingError" { -# source = "SumoLogic/sumo-logic-monitor/sumologic" -# #version = "{revision}" -# monitor_name = "MongoDB - Sharding Error" -# monitor_description = "This alert fires when we detect errors in MongoDB sharding operations." 
-# monitor_monitor_type = "Logs" -# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id -# monitor_is_disabled = var.monitors_disabled -# group_notifications = var.group_notifications -# connection_notifications = var.connection_notifications_critical -# email_notifications = var.email_notifications_critical -# queries = { -# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*SHARDING*\" and severity = \"E\" " -# } -# triggers = [ -# { -# threshold_type = "GreaterThan", -# threshold = 0, -# time_range = "5m", -# occurrence_type = "ResultCount" -# trigger_source = "AllResults" -# trigger_type = "Critical", -# detection_method = "StaticCondition" -# }, -# { -# threshold_type = "LessThanOrEqual", -# threshold = 0, -# time_range = "5m", -# occurrence_type = "ResultCount" -# trigger_source = "AllResults" -# trigger_type = "ResolvedCritical", -# detection_method = "StaticCondition" -# } -# ] -# } -# module "MongoDB-ReplicationError" { -# source = "SumoLogic/sumo-logic-monitor/sumologic" -# #version = "{revision}" -# monitor_name = "MongoDB - Replication Error" -# monitor_description = "This alert fires when we detect errors in MongoDB replication operations." 
-# monitor_monitor_type = "Logs" -# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id -# monitor_is_disabled = var.monitors_disabled -# group_notifications = var.group_notifications -# connection_notifications = var.connection_notifications_warning -# email_notifications = var.email_notifications_warning -# queries = { -# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where severity = \"E\" and component matches \"*REPL*\" " -# } -# triggers = [ -# { -# threshold_type = "GreaterThan", -# threshold = 0, -# time_range = "5m", -# occurrence_type = "ResultCount" -# trigger_source = "AllResults" -# trigger_type = "Warning", -# detection_method = "StaticCondition" -# }, -# { -# threshold_type = "LessThanOrEqual", -# threshold = 0, -# time_range = "5m", -# occurrence_type = "ResultCount" -# trigger_source = "AllResults" -# trigger_type = "ResolvedWarning", -# detection_method = "StaticCondition" -# } -# ] -# } -# module "MongoDB-ShardingBalancerFailure" { -# source = "SumoLogic/sumo-logic-monitor/sumologic" -# #version = "{revision}" -# monitor_name = "MongoDB - Sharding Balancer Failure" -# monitor_description = "This alert fires when we detect that data balancing failed on a MongoDB Cluster with 1 mongos instance and 3 mongod instances." 
-# monitor_monitor_type = "Logs"
-# monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
-# monitor_is_disabled = var.monitors_disabled
-# group_notifications = var.group_notifications
-# connection_notifications = var.connection_notifications_warning
-# email_notifications = var.email_notifications_warning
-# queries = {
-# A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where severity not in (\"W\", \"E\") and context matches \"*Balancer*\""
-# }
-# triggers = [
-# {
-# threshold_type = "GreaterThan",
-# threshold = 0,
-# time_range = "5m",
-# occurrence_type = "ResultCount"
-# trigger_source = "AllResults"
-# trigger_type = "Warning",
-# detection_method = "StaticCondition"
-# },
-# {
-# threshold_type = "LessThanOrEqual",
-# threshold = 0,
-# time_range = "5m",
-# occurrence_type = "ResultCount"
-# trigger_source = "AllResults"
-# trigger_type = "ResolvedWarning",
-# detection_method = "StaticCondition"
-# }
-# ]
-# }
\ No newline at end of file
+module "MongoDB-ReplicationLag" {
+ source = "SumoLogic/sumo-logic-monitor/sumologic"
+ #version = "{revision}"
+ monitor_name = "MongoDB - Replication Lag"
+ monitor_description = "This alert fires when we detect that the replica lag for a given MongoDB cluster is greater than 60 seconds. Please review the replication configuration."
+ monitor_monitor_type = "Metrics"
+ monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
+ monitor_is_disabled = var.monitors_disabled
+ group_notifications = var.group_notifications
+ connection_notifications = var.connection_notifications_warning
+ email_notifications = var.email_notifications_warning
+ queries = {
+ A = "${var.mongodb_data_source} db_system=mongodb db_cluster=* metric=mongodb_repl_lag "
+ }
+ triggers = [
+ {
+ threshold_type = "GreaterThan",
+ threshold = 60,
+ time_range = "5m",
+ occurrence_type = "Always"
+ trigger_source = "AnyTimeSeries"
+ trigger_type = "Warning",
+ detection_method = "StaticCondition"
+ },
+ {
+ threshold_type = "LessThanOrEqual",
+ threshold = 60,
+ time_range = "5m",
+ occurrence_type = "Always"
+ trigger_source = "AnyTimeSeries"
+ trigger_type = "ResolvedWarning",
+ detection_method = "StaticCondition"
+ }
+ ]
+}
+module "MongoDB-ReplicationHeartbeatError" {
+ source = "SumoLogic/sumo-logic-monitor/sumologic"
+ #version = "{revision}"
+ monitor_name = "MongoDB - Replication Heartbeat Error"
+ monitor_description = "This alert fires when we detect that the MongoDB Replication Heartbeat request has errors, which indicates replication is not working as expected."
+ monitor_monitor_type = "Logs" + monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id + monitor_is_disabled = var.monitors_disabled + group_notifications = var.group_notifications + connection_notifications = var.connection_notifications_warning + email_notifications = var.email_notifications_warning + queries = { + A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*REPL*\" | json field=_raw \"attr.heartbeatMessage\" as heartbeatMessage | where heartbeatMessage matches \"Error*\"" + } + triggers = [ + { + threshold_type = "GreaterThan", + threshold = 0, + time_range = "5m", + occurrence_type = "ResultCount" + trigger_source = "AllResults" + trigger_type = "Warning", + detection_method = "StaticCondition" + }, + { + threshold_type = "LessThanOrEqual", + threshold = 0, + time_range = "5m", + occurrence_type = "ResultCount" + trigger_source = "AllResults" + trigger_type = "ResolvedWarning", + detection_method = "StaticCondition" + } + ] +} +module "MongoDB-TooManyConnections" { + source = "SumoLogic/sumo-logic-monitor/sumologic" + #version = "{revision}" + monitor_name = "MongoDB - Too Many Connections" + monitor_description = "This alert fires when we detect a given MongoDB server has too many connections (over 80% of capacity)." 
+ monitor_monitor_type = "Metrics" + monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id + monitor_is_disabled = var.monitors_disabled + group_notifications = var.group_notifications + connection_notifications = concat(var.connection_notifications_warning, var.connection_notifications_missingdata) + email_notifications = concat(var.email_notifications_warning, var.email_notifications_missingdata) + queries = { + A = "${var.mongodb_data_source} metric=mongodb_connections_current db_cluster=* db_system=mongodb | sum by db_cluster, host | avg" + B = "${var.mongodb_data_source} metric=mongodb_connections_available db_cluster=* db_system=mongodb | sum by db_cluster, host | avg" + C = "#A*100/#B" + } + triggers = [ + { + threshold_type = "GreaterThanOrEqual", + threshold = 80, + time_range = "5m", + occurrence_type = "Always" + trigger_source = "AnyTimeSeries" + trigger_type = "Warning", + detection_method = "StaticCondition" + }, + { + threshold_type = "LessThan", + threshold = 80, + time_range = "5m", + occurrence_type = "Always" + trigger_source = "AnyTimeSeries" + trigger_type = "ResolvedWarning", + detection_method = "StaticCondition" + }, + { + threshold_type = "LessThanOrEqual", + threshold = 0, + time_range = "5m", + occurrence_type = "MissingData" + trigger_source = "AnyTimeSeries" + trigger_type = "MissingData", + detection_method = "StaticCondition" + }, + { + threshold_type = "GreaterThan", + threshold = 0, + time_range = "5m", + occurrence_type = "MissingData" + trigger_source = "AnyTimeSeries" + trigger_type = "ResolvedMissingData", + detection_method = "StaticCondition" + } + ] +} +module "MongoDB-SecondaryNodeReplicationFailure" { + source = "SumoLogic/sumo-logic-monitor/sumologic" + #version = "{revision}" + monitor_name = "MongoDB - Secondary Node Replication Failure" + monitor_description = "This alert fires when we detect that a MongoDB secondary node is out of sync for replication." 
+ monitor_monitor_type = "Logs" + monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id + monitor_is_disabled = var.monitors_disabled + group_notifications = var.group_notifications + connection_notifications = var.connection_notifications_warning + email_notifications = var.email_notifications_warning + queries = { + A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*REPL*\" and msg matches \"*too stale*\"" + } + triggers = [ + { + threshold_type = "GreaterThan", + threshold = 0, + time_range = "5m", + occurrence_type = "ResultCount" + trigger_source = "AllResults" + trigger_type = "Warning", + detection_method = "StaticCondition" + }, + { + threshold_type = "LessThanOrEqual", + threshold = 0, + time_range = "5m", + occurrence_type = "ResultCount" + trigger_source = "AllResults" + trigger_type = "ResolvedWarning", + detection_method = "StaticCondition" + } + ] +} +module "MongoDB-SlowQueries" { + source = "SumoLogic/sumo-logic-monitor/sumologic" + #version = "{revision}" + monitor_name = "MongoDB - Slow Queries" + monitor_description = "This alert fires when we detect that a MongoDB cluster is executing slow queries." 
+ monitor_monitor_type = "Logs" + monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id + monitor_is_disabled = var.monitors_disabled + group_notifications = var.group_notifications + connection_notifications = var.connection_notifications_warning + email_notifications = var.email_notifications_warning + queries = { + A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*COMMAND*\" | json field=_raw \"attr.type\" as type | where type matches \"*command*\" | json field=_raw \"attr.command\" as command | replace (command,\"{\",\"\") as command | replace (command,\"}\",\"\") as command | parse regex field=command \"(?[\\w\\-\\.]+):*\" | where db_cmd matches \"*find*\" or db_cmd matches \"*insert*\" or db_cmd matches \"*remove*\" or db_cmd matches \"*delete*\" or db_cmd matches \"*update*\" | json field=_raw \"attr.durationMillis\" as dur | number(dur) | where dur > 100" + } + triggers = [ + { + threshold_type = "GreaterThan", + threshold = 0, + time_range = "5m", + occurrence_type = "ResultCount" + trigger_source = "AllResults" + trigger_type = "Warning", + detection_method = "StaticCondition" + }, + { + threshold_type = "LessThanOrEqual", + threshold = 0, + time_range = "5m", + occurrence_type = "ResultCount" + trigger_source = "AllResults" + trigger_type = "ResolvedWarning", + detection_method = "StaticCondition" + } + ] +} +module "MongoDB-ShardingWarning" { + source = "SumoLogic/sumo-logic-monitor/sumologic" + #version = "{revision}" + monitor_name = "MongoDB - Sharding Warning" + monitor_description = "This alert fires when we detect warnings in MongoDB sharding operations." 
+ monitor_monitor_type = "Logs" + monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id + monitor_is_disabled = var.monitors_disabled + group_notifications = var.group_notifications + connection_notifications = var.connection_notifications_warning + email_notifications = var.email_notifications_warning + queries = { + A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*SHARDING*\" and severity = \"W\" " + } + triggers = [ + { + threshold_type = "GreaterThan", + threshold = 0, + time_range = "5m", + occurrence_type = "ResultCount" + trigger_source = "AllResults" + trigger_type = "Warning", + detection_method = "StaticCondition" + }, + { + threshold_type = "LessThanOrEqual", + threshold = 0, + time_range = "5m", + occurrence_type = "ResultCount" + trigger_source = "AllResults" + trigger_type = "ResolvedWarning", + detection_method = "StaticCondition" + } + ] +} +module "MongoDB-ShardingChunkSplitFailure" { + source = "SumoLogic/sumo-logic-monitor/sumologic" + #version = "{revision}" + monitor_name = "MongoDB - Sharding Chunk Split Failure" + monitor_description = "This alert fires when we detect that a MongoDB chunk not been split during sharding." 
+ monitor_monitor_type = "Logs" + monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id + monitor_is_disabled = var.monitors_disabled + group_notifications = var.group_notifications + connection_notifications = var.connection_notifications_warning + email_notifications = var.email_notifications_warning + queries = { + A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*SHARDING*\" and severity = \"W\" and msg matches \"*splitChunk failed*\"" + } + triggers = [ + { + threshold_type = "GreaterThan", + threshold = 0, + time_range = "5m", + occurrence_type = "ResultCount" + trigger_source = "AllResults" + trigger_type = "Warning", + detection_method = "StaticCondition" + }, + { + threshold_type = "LessThanOrEqual", + threshold = 0, + time_range = "5m", + occurrence_type = "ResultCount" + trigger_source = "AllResults" + trigger_type = "ResolvedWarning", + detection_method = "StaticCondition" + } + ] +} +module "MongoDB-ShardingError" { + source = "SumoLogic/sumo-logic-monitor/sumologic" + #version = "{revision}" + monitor_name = "MongoDB - Sharding Error" + monitor_description = "This alert fires when we detect errors in MongoDB sharding operations." 
+ monitor_monitor_type = "Logs" + monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id + monitor_is_disabled = var.monitors_disabled + group_notifications = var.group_notifications + connection_notifications = var.connection_notifications_critical + email_notifications = var.email_notifications_critical + queries = { + A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where component matches \"*SHARDING*\" and severity = \"E\" " + } + triggers = [ + { + threshold_type = "GreaterThan", + threshold = 0, + time_range = "5m", + occurrence_type = "ResultCount" + trigger_source = "AllResults" + trigger_type = "Critical", + detection_method = "StaticCondition" + }, + { + threshold_type = "LessThanOrEqual", + threshold = 0, + time_range = "5m", + occurrence_type = "ResultCount" + trigger_source = "AllResults" + trigger_type = "ResolvedCritical", + detection_method = "StaticCondition" + } + ] +} +module "MongoDB-ReplicationError" { + source = "SumoLogic/sumo-logic-monitor/sumologic" + #version = "{revision}" + monitor_name = "MongoDB - Replication Error" + monitor_description = "This alert fires when we detect errors in MongoDB replication operations." 
+ monitor_monitor_type = "Logs" + monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id + monitor_is_disabled = var.monitors_disabled + group_notifications = var.group_notifications + connection_notifications = var.connection_notifications_warning + email_notifications = var.email_notifications_warning + queries = { + A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where severity = \"E\" and component matches \"*REPL*\" " + } + triggers = [ + { + threshold_type = "GreaterThan", + threshold = 0, + time_range = "5m", + occurrence_type = "ResultCount" + trigger_source = "AllResults" + trigger_type = "Warning", + detection_method = "StaticCondition" + }, + { + threshold_type = "LessThanOrEqual", + threshold = 0, + time_range = "5m", + occurrence_type = "ResultCount" + trigger_source = "AllResults" + trigger_type = "ResolvedWarning", + detection_method = "StaticCondition" + } + ] +} +module "MongoDB-ShardingBalancerFailure" { + source = "SumoLogic/sumo-logic-monitor/sumologic" + #version = "{revision}" + monitor_name = "MongoDB - Sharding Balancer Failure" + monitor_description = "This alert fires when we detect that data balancing failed on a MongoDB Cluster with 1 mongos instance and 3 mongod instances." 
+ monitor_monitor_type = "Logs"
+ monitor_parent_id = sumologic_monitor_folder.tf_monitor_folder_1.id
+ monitor_is_disabled = var.monitors_disabled
+ group_notifications = var.group_notifications
+ connection_notifications = var.connection_notifications_warning
+ email_notifications = var.email_notifications_warning
+ queries = {
+ A = "${var.mongodb_data_source} db_cluster=* db_system=mongodb | json \"log\" as _rawlog nodrop | if (isEmpty(_rawlog), _raw, _rawlog) as _raw | json field=_raw \"t.$date\" as timestamp | json field=_raw \"s\" as severity | json field=_raw \"c\" as component | json field=_raw \"ctx\" as context | json field=_raw \"msg\" as msg | where severity not in (\"W\", \"E\") and context matches \"*Balancer*\""
+ }
+ triggers = [
+ {
+ threshold_type = "GreaterThan",
+ threshold = 0,
+ time_range = "5m",
+ occurrence_type = "ResultCount"
+ trigger_source = "AllResults"
+ trigger_type = "Warning",
+ detection_method = "StaticCondition"
+ },
+ {
+ threshold_type = "LessThanOrEqual",
+ threshold = 0,
+ time_range = "5m",
+ occurrence_type = "ResultCount"
+ trigger_source = "AllResults"
+ trigger_type = "ResolvedWarning",
+ detection_method = "StaticCondition"
+ }
+ ]
+}
\ No newline at end of file
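Review bot: The ten modules re-enabled in this hunk (`MongoDB-ReplicationLag` through `MongoDB-ShardingBalancerFailure`) use `source = "SumoLogic/sumo-logic-monitor/sumologic"` while the `version` argument stays commented out as `#version = "{revision}"`, so each `terraform init` resolves whichever release of the registry module is newest at that moment. The code that creates the alerts is therefore unpinned and can change between runs without review. It is also inconsistent with `MongoDB-InstanceDown` just above the hunk, which uses `source = "../../"`, presumably to pick up the `main.tf` condition change made in this same commit. I would either switch these blocks to `source = "../../"` as well, or add an exact pin such as `version = "<PINNED_RELEASE>"` (placeholder) to each of them. Separately, the `MongoDB-ShardingBalancerFailure` query filters on `severity not in ("W", "E")`, which as written selects the non-warning, non-error Balancer messages; that looks inverted for a failure alert and should be confirmed.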