Question

Ingestion Delay alerting in Google SecOps

  • March 18, 2026
  • 1 reply
  • 71 views

Aravind3

Hi Everyone,

I’m writing to check whether it’s possible to monitor and alert on ingestion delays (i.e., lag between event time and ingestion time in logs/SecOps) for more than 1 hour using the Google Cloud Monitoring console.

 

Thank you in advance.

Aravind Sreekumar

1 reply

cmorris
Staff
  • March 19, 2026

You can monitor for ingest errors, throughput, volume, etc. in Cloud Monitoring, for example, but are not able to monitor for lag as the timestamp from the log will not be parsed. Within SecOps, you could create a dashboard using a query like this to monitor latency:

$log_type = metadata.log_type

match:
$log_type

outcome:
$log_count = count(metadata.id)
$avg_diff_min = math.round(cast.as_int(avg(metadata.ingested_timestamp.seconds - metadata.event_timestamp.seconds)) / 60,2)

Example:
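Added example, not part of cmorris's reply and not Google's code: an offline Python check that repeats the query's per-log-type aggregation over exported events and applies the 1-hour threshold from the question. The event dictionaries, log-type values, timestamps, the `max_diff_min` and `negative_lag` columns, and the helper names are assumptions made for illustration; only the three `metadata` fields come from the query.

```python
from collections import defaultdict

BASE = 1773900000  # constructed epoch seconds, not real telemetry

def ev(log_type, lag_s, event_ts=BASE):
    """Build a constructed event carrying only the UDM fields the query reads."""
    return {"metadata": {"log_type": log_type,
                         "event_timestamp": {"seconds": event_ts},
                         "ingested_timestamp": {"seconds": event_ts + lag_s}}}

# Constructed sample: lag in seconds per event, grouped by log type.
SAMPLE_EVENTS = (
    [ev("WINEVTLOG", s) for s in (60, 120, 180)]
    + [ev("GCP_CLOUDAUDIT", s) for s in (60, 60, -600, 9000)]
    + [ev("PAN_FIREWALL", s) for s in (4500, 5100)]
)

def lag_by_log_type(events):
    """Per log type: event count, average and maximum lag in minutes, and how
    many events were ingested 'before' they happened (source clock skew)."""
    lags = defaultdict(list)
    for e in events:
        md = e["metadata"]
        lags[md["log_type"]].append(
            md["ingested_timestamp"]["seconds"] - md["event_timestamp"]["seconds"])
    return {
        t: {"log_count": len(v),
            # Float division; the query casts the average to int before dividing.
            "avg_diff_min": round(sum(v) / len(v) / 60, 2),
            "max_diff_min": round(max(v) / 60, 2),
            "negative_lag": sum(1 for s in v if s < 0)}
        for t, v in lags.items()
    }

def delayed(report, column="max_diff_min", threshold_min=60):
    """Log types whose chosen column exceeds the threshold (1 hour by default)."""
    return sorted(t for t, r in report.items() if r[column] > threshold_min)

if __name__ == "__main__":
    report = lag_by_log_type(SAMPLE_EVENTS)
    for log_type, row in sorted(report.items()):
        print(log_type, row)
    print("over 1h by average:", delayed(report, "avg_diff_min"))
    print("over 1h by maximum:", delayed(report))
```

On the constructed data the average flags only PAN_FIREWALL, while the maximum also flags GCP_CLOUDAUDIT, whose one 150-minute straggler and one skewed timestamp average out to 35.5 minutes.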