Ingestion health with one collector

Question

Hello ,I have a question about our specific architecture:we currently have a single collector (with several forwarders)  that aggregates logs from many devices and customers (for example, multiple Fortigate firewalls from different tenants).With ingestion health metrics / Cloud Monitoring, I can see when the collector itself stops ingesting logs, but I don’t see how to know which exact firewall or customer pipeline has gone silent if the collector is still receiving logs from other sources.My questions are:	In a single-collector design, is there a recommended way to make ingestion alerts more granular (per customer / per device)? For example, using different ingestion_source labels or another best practice?	Thanks a lot for any guidance or design recommendations on this.

Rob_P · Answer

Hi There ​@melissagr -Yes, this flexibility should be available within Cloud Health > Monitoring > Alerts page.Once you Select the appropriate Metrics for the collector, you should be able to add a filter for Log_Type and specify the alert should trigger when that log_type is missing for your predetermined interval.This page here may have additional resources as well:https://docs.cloud.google.com/monitoring/alerts/metric-absenceI hope this helps, let us know if you have further questions or need assistance with the alert tuning.Thanks!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded