From 5d4d938d49697db55a741f5eda60fe9643470df7 Mon Sep 17 00:00:00 2001 From: Alekh Nema Date: Tue, 24 Sep 2024 22:53:45 +0530 Subject: [PATCH 1/4] SUMO-242752 | Changes in IIS otel app to add metric collection and dashboards --- .../opentelemetry/iis-10-opentelemetry.md | 132 +++++++++++++++++- 1 file changed, 127 insertions(+), 5 deletions(-) diff --git a/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md b/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md index 60f1643795..3939754efe 100644 --- a/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md +++ b/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md @@ -11,19 +11,27 @@ import TabItem from '@theme/TabItem'; thumbnail icon Thumbnail icon -The [Internet Information Services](https://learn.microsoft.com/en-gb/iis/get-started/introduction-to-iis/introduction-to-iis-architecture) (IIS) 10 app is a logs app that helps you monitor your IIS web servers' availability. Preconfigured dashboards provide insight into application pools, ASP.NET applications, requests, latency, visitor locations, visitor access types, traffic patterns, errors, web server operations, and access from known malicious sources. +The [Internet Information Services](https://learn.microsoft.com/en-gb/iis/get-started/introduction-to-iis/introduction-to-iis-architecture) (IIS) 10 app is a logs and metrics app that helps you monitor your IIS web servers' availability. Preconfigured dashboards and searches provide insight into application pools, ASP.NET applications, requests, latency, visitor locations, visitor access types, traffic patterns, errors, web server operations, and access from known malicious sources. IIS logs are sent to Sumo Logic through OpenTelemetry [filelog receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/filelogreceiver). +IIS metrics are sent to Sumo Logic through OpenTelemetry through [windowsperfcountersreceiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/windowsperfcountersreceiver). This receiver, captures the configured system, application, or +custom performance counter data from the Windows registry using the [PDH +interface](https://docs.microsoft.com/en-us/windows/win32/perfctrs/using-the-pdh-functions-to-consume-counter-data). +It is based on the [Telegraf Windows Performance Counters Input +Plugin](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/win_perf_counters). + Schematics ## Fields creation in Sumo Logic for IIS Following are the [Fields](/docs/manage/fields/) which will be created as part of IIS App install if not already present. +- `sumo.datasource`. Has fixed value of **iis**. +- `deployment.environment`. User configured. This is the deployment environment where the IIS cluster resides. For example: `dev`, `prod` or `qa`. - `webengine.cluster.name`. User configured.Enter a name to uniquely identify your IIS web server cluster. This web server cluster name will be shown in the Sumo Logic dashboards. - `webengine.system`. Has fixed value of **iis** -- `sumo.datasource`. Has fixed value of **iis**. +- `webengine.node.name`. Holds the value of the Fully Qualified Domain Name (FQDN) of the machine from which the OpenTelemetry collector is collecting logs and metrics. ## Prerequisites @@ -106,7 +114,11 @@ In this step, you will configure the yaml required for IIS Collection. Path of the different log file configured to capture IIS logs is needed to be given here (see [Prerequisites](#prerequisites)). -You can add any custom fields which you want to tag along with the data ingested in Sumo. Click on the **Download YAML File** button to get the yaml file. +Metrics for IIS are collected through windows perf counters. You can specify the **Collection Interval** to specify at what interval should the metrics be scrapped. + +You can add any custom fields which you want to tag along with the data ingested in Sumo. + +Click on the **Download YAML File** button to get the yaml file. YAML @@ -166,13 +178,49 @@ import LogsOutro from '../../../reuse/apps/opentelemetry/send-logs-outro.md'; +:::note +If one of the specified performance counters cannot be loaded on startup, a warning will be printed, but the application will not fail fast. It is expected that some performance counters may not exist on some systems due to different OS configuration. +::: + ## Sample log messages ```sql title="Sample Log Message - Non-Kubernetes environments" 2023-01-13 10:56:55 10.0.0.111 GET / ProgramID=236 443 - 207.235.176.5 Mozilla/5.0+(compatible;+Nimbostratus-Bot/v1.3.2;+http://cloudsystemnetworks.com) http://www.google.com/url?sa=t&rct=j&q=anomaly%20detection&source=web&cd=4 304 11 1236 70 ``` -## Sample queries +## Sample Metric +``` +{ + "queryId": "A", + "_source": "iis/windowsperfcounters", + "_metricId": "UHWuWs-fdl2-SSVRh6Yfww", + "webengine.node.name": "EC2AMAZ-ENUFFVK", + "_sourceName": "iis", + "host.group": "anemawiniis", + "os.type": "windows", + "webengine.cluster": "test", + "sumo.datasource": "iis", + "instance": "*", + "_sourceCategory": "OTC Metric Input", + "deployment.environment": "anemawiniis", + "_contentType": "win_password", + "host.name": "EC2AMAZ-ENUFFVK", + "metric": "win.aspnet.Request.Execution.Time", + "_collectorId": "00005AF310C7F19E", + "_sourceId": "0000000000000000", + "webengine.system": "iis", + "_sourceHost": "EC2AMAZ-ENUFFVK", + "_collector": "EC2AMAZ-ENUFFVK", + "max": 0, + "min": 0, + "avg": 0, + "sum": 0, + "latest": 0, + "count": 1 +} +``` + +## Sample log query This sample Query is from the **IIS - Overview** > **Visitor Location** panel. @@ -180,11 +228,21 @@ This sample Query is from the **IIS - Overview** > **Visitor Location** panel. " %\"sumo.datasource\"=iis %\"webengine.cluster.name\"=* | json \"log\" as _rawlog nodrop \n| if (isEmpty(_rawlog), _raw, _rawlog) as iis_log_message\n| parse regex field=iis_log_message \"(?\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}) (?\\S+?) (?\\S+?) (?\\S+?) (?\\S+?) (?\\S+?) (?\\S+?) (?\\S+?) (?\\S+?) (?\\S+?) (?\\S+?) (?\\S+?) (?\\S+?)$\"\n| count by c_ip\n| lookup latitude, longitude, country_name from geo://location on ip=c_ip\n| where !isNull(latitude)" ``` +## Sample metric query + +```sql title="Running Application pool" +sumo.datasource=iis deployment.environment=* webengine.cluster.name=* webengine.node.name=* instance=* metric=win.app.pool.was.Current.Application.Pool.State | filter latest = 3 | count +``` + ## Viewing IIS dashboards ### Overview -The **IIS - Overview** dashboard provides a high-level view of the integrity of your Microsoft Internet Information Services (IIS) infrastructure. Dashboard panels display visual graphs and detailed information on IIS versions, platforms, and log formats. Panels also show visitor geographic locations, top app requests. OS platforms, response status, response times, and client and server errors. +The **IIS - Overview** dashboard provides a high-level view of the performance and integrity of your Microsoft Internet Information Services (IIS) infrastructure. Dashboard panels display visual graphs and detailed information on IIS versions, platforms, and log formats. Panels also show visitor geographic locations, top app requests. OS platforms, response status, response times, and client and server errors. + +Use this dashboard to: +* Get a high-level overview of sites, requests, connect, cache, data received and sent, queue, application pool, client location, client platforms, error and threats identified. +* Drill Down to specific use cases by clicking on specific panels of interest. Overview @@ -235,3 +293,67 @@ The **IIS - Visitor Locations** dashboard provides a high-level view of Nginx vi The **IIS - Visitor Traffic Insight** Dashboard provides detailed information on the top documents accessed, top referrers, top search terms from popular search engines, and the media types served. Visitor Traffic Insights + +### Application Pool + +The **IIS - Application Pool** dashboard provides a high-level view of Application Pool State, Information and Worker Process Metrics. + +IIS-Application-Pool + +### ASP.NET + +The **IIS - ASP.NET** dashboard provides a high-level view of the ASP.NET global performance counters. + +Use this dashboard to: + +* Analyze State Server Sessions. +* Monitor Applications Information. +* Understand Request execution and wait time. + +IIS-ASP.NET + +### ASP.NET Applications + +The **IIS - ASP.NET Applications** dashboard provides a high-level view of the ASP.NET application performance counters. + +Use this dashboard to monitor the following key metrics: + +* Compilations +* Errors +* Cache +* Requests Executing +* Requests in Application Queue +* Pipeline Instance Count +* Output Cache + +IIS-ASP.NET-Applications + + +### Cache Performance + +The **IIS - Cache Performance** dashboard provides a high-level view of the the Web Service Cache Counters object includes cache counters specific to the World Wide Web Publishing Service. + +Use this dashboard to monitor the following key metrics: + +* Output Cache +* Cache Memory +* File Cache +* URI Cache + +IIS-Cache-Performance + + +### Web Service + +The **IIS - Web Service** dashboard provides a high-level view of the Web Service object includes counters specific to the World Wide Web Publishing Service. + +Use this dashboard to monitor the following key metrics: + +* Total Site +* Connections +* Site Uptime +* Method +* Miscellaneous + +IIS-Web-Service + From d8db64928571dd980a304dd0dc16cba524679053 Mon Sep 17 00:00:00 2001 From: Jagadisha V <129049263+JV0812@users.noreply.github.com> Date: Wed, 25 Sep 2024 12:17:40 +0530 Subject: [PATCH 2/4] Update iis-10-opentelemetry.md --- .../opentelemetry/iis-10-opentelemetry.md | 63 ++++--------------- 1 file changed, 12 insertions(+), 51 deletions(-) diff --git a/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md b/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md index 3939754efe..996a9de8f0 100644 --- a/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md +++ b/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md @@ -15,11 +15,7 @@ The [Internet Information Services](https://learn.microsoft.com/en-gb/iis/get-st IIS logs are sent to Sumo Logic through OpenTelemetry [filelog receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/filelogreceiver). -IIS metrics are sent to Sumo Logic through OpenTelemetry through [windowsperfcountersreceiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/windowsperfcountersreceiver). This receiver, captures the configured system, application, or -custom performance counter data from the Windows registry using the [PDH -interface](https://docs.microsoft.com/en-us/windows/win32/perfctrs/using-the-pdh-functions-to-consume-counter-data). -It is based on the [Telegraf Windows Performance Counters Input -Plugin](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/win_perf_counters). +IIS metrics are sent to Sumo Logic through OpenTelemetry through [windowsperfcountersreceiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/windowsperfcountersreceiver). This receiver, captures the configured system, application, or custom performance counter data from the Windows registry using the [PDH interface](https://docs.microsoft.com/en-us/windows/win32/perfctrs/using-the-pdh-functions-to-consume-counter-data). It is based on the [Telegraf Windows Performance Counters Input Plugin](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/win_perf_counters). Schematics @@ -28,9 +24,9 @@ Plugin](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/win_pe Following are the [Fields](/docs/manage/fields/) which will be created as part of IIS App install if not already present. - `sumo.datasource`. Has fixed value of **iis**. -- `deployment.environment`. User configured. This is the deployment environment where the IIS cluster resides. For example: `dev`, `prod` or `qa`. -- `webengine.cluster.name`. User configured.Enter a name to uniquely identify your IIS web server cluster. This web server cluster name will be shown in the Sumo Logic dashboards. -- `webengine.system`. Has fixed value of **iis** +- `deployment.environment`. User configured. This is the deployment environment where the IIS cluster resides. For example: `dev`, `prod`, or `qa`. +- `webengine.cluster.name`. User configured. Enter a name to uniquely identify your IIS web server cluster. This web server cluster name will be shown in the Sumo Logic dashboards. +- `webengine.system`. Has fixed value of **iis**. - `webengine.node.name`. Holds the value of the Fully Qualified Domain Name (FQDN) of the machine from which the OpenTelemetry collector is collecting logs and metrics. ## Prerequisites @@ -112,11 +108,9 @@ import SetupColl from '../../../reuse/apps/opentelemetry/set-up-collector.md'; In this step, you will configure the yaml required for IIS Collection. -Path of the different log file configured to capture IIS logs is needed to be given here (see [Prerequisites](#prerequisites)). +The path of the log file configured to capture IIS logs is needed to be given here, refer to [Prerequisites](#prerequisites). -Metrics for IIS are collected through windows perf counters. You can specify the **Collection Interval** to specify at what interval should the metrics be scrapped. - -You can add any custom fields which you want to tag along with the data ingested in Sumo. +Metrics for IIS app are collected through windows perf counters. You can specify the **Collection Interval** to specify at what interval should the metrics be scrapped. You can add any custom fields which you want to tag along with the data ingested in Sumo Logic. Click on the **Download YAML File** button to get the yaml file. @@ -179,7 +173,7 @@ import LogsOutro from '../../../reuse/apps/opentelemetry/send-logs-outro.md'; :::note -If one of the specified performance counters cannot be loaded on startup, a warning will be printed, but the application will not fail fast. It is expected that some performance counters may not exist on some systems due to different OS configuration. +A warning message will be printed if any one of the specified performance counters cannot be loaded on startup. The application will not fail fast with this warning. It is expected that some performance counters may not exist on some systems due to different OS configuration. ::: ## Sample log messages @@ -188,7 +182,7 @@ If one of the specified performance counters cannot be loaded on startup, a warn 2023-01-13 10:56:55 10.0.0.111 GET / ProgramID=236 443 - 207.235.176.5 Mozilla/5.0+(compatible;+Nimbostratus-Bot/v1.3.2;+http://cloudsystemnetworks.com) http://www.google.com/url?sa=t&rct=j&q=anomaly%20detection&source=web&cd=4 304 11 1236 70 ``` -## Sample Metric +## Sample metrics ``` { "queryId": "A", @@ -302,58 +296,25 @@ The **IIS - Application Pool** dashboard provides a high-level view of Applicati ### ASP.NET -The **IIS - ASP.NET** dashboard provides a high-level view of the ASP.NET global performance counters. - -Use this dashboard to: - -* Analyze State Server Sessions. -* Monitor Applications Information. -* Understand Request execution and wait time. +The **IIS - ASP.NET** dashboard provides a high-level view of the ASP.NET global performance counters. This dashboard helps you to analyse the state server sessions, monitor applications information, and understand the request execution and wait time. IIS-ASP.NET ### ASP.NET Applications -The **IIS - ASP.NET Applications** dashboard provides a high-level view of the ASP.NET application performance counters. - -Use this dashboard to monitor the following key metrics: - -* Compilations -* Errors -* Cache -* Requests Executing -* Requests in Application Queue -* Pipeline Instance Count -* Output Cache +The **IIS - ASP.NET Applications** dashboard provides a high-level view of the ASP.NET application performance counters. This dashboard helps you to monitor compilations, errors, cache, requests executing, requests in application queue, pipeline instance count, and output cache. IIS-ASP.NET-Applications - ### Cache Performance -The **IIS - Cache Performance** dashboard provides a high-level view of the the Web Service Cache Counters object includes cache counters specific to the World Wide Web Publishing Service. - -Use this dashboard to monitor the following key metrics: - -* Output Cache -* Cache Memory -* File Cache -* URI Cache +The **IIS - Cache Performance** dashboard provides a high-level view of the the Web Service Cache Counters object includes cache counters specific to the World Wide Web Publishing Service. This dashboard helps you to monitor the output cahce, cache memory, file cache, and URI cache. IIS-Cache-Performance - ### Web Service -The **IIS - Web Service** dashboard provides a high-level view of the Web Service object includes counters specific to the World Wide Web Publishing Service. - -Use this dashboard to monitor the following key metrics: - -* Total Site -* Connections -* Site Uptime -* Method -* Miscellaneous +The **IIS - Web Service** dashboard provides a high-level view of the Web Service object includes counters specific to the World Wide Web Publishing Service. This dashboard helps you to monitor the total site, connections, site uptime, method, and miscellaneous. IIS-Web-Service From 34fed7fa122f9ce948ecd44e75fbf599de5445c4 Mon Sep 17 00:00:00 2001 From: Jagadisha V <129049263+JV0812@users.noreply.github.com> Date: Wed, 25 Sep 2024 12:19:42 +0530 Subject: [PATCH 3/4] Update docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md --- .../web-servers/opentelemetry/iis-10-opentelemetry.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md b/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md index 996a9de8f0..abc0aa3047 100644 --- a/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md +++ b/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md @@ -308,7 +308,7 @@ The **IIS - ASP.NET Applications** dashboard provides a high-level view of the A ### Cache Performance -The **IIS - Cache Performance** dashboard provides a high-level view of the the Web Service Cache Counters object includes cache counters specific to the World Wide Web Publishing Service. This dashboard helps you to monitor the output cahce, cache memory, file cache, and URI cache. +The **IIS - Cache Performance** dashboard provides a high-level view of the the Web Service Cache Counters object includes cache counters specific to the World Wide Web Publishing Service. This dashboard helps you to monitor the output cache, cache memory, file cache, and URI cache. IIS-Cache-Performance From ee42643ea028f3d3153fbb54d2d455da3eaccf63 Mon Sep 17 00:00:00 2001 From: Alekh Nema <91047769+sumoanema@users.noreply.github.com> Date: Mon, 30 Sep 2024 11:50:19 +0530 Subject: [PATCH 4/4] Apply suggestions from code review Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com> Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- .../web-servers/opentelemetry/iis-10-opentelemetry.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md b/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md index abc0aa3047..11e9ade0f8 100644 --- a/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md +++ b/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry.md @@ -11,11 +11,11 @@ import TabItem from '@theme/TabItem'; thumbnail icon Thumbnail icon -The [Internet Information Services](https://learn.microsoft.com/en-gb/iis/get-started/introduction-to-iis/introduction-to-iis-architecture) (IIS) 10 app is a logs and metrics app that helps you monitor your IIS web servers' availability. Preconfigured dashboards and searches provide insight into application pools, ASP.NET applications, requests, latency, visitor locations, visitor access types, traffic patterns, errors, web server operations, and access from known malicious sources. +The [Internet Information Services](https://learn.microsoft.com/en-gb/iis/get-started/introduction-to-iis/introduction-to-iis-architecture) (IIS) 10 app is a logs and metrics app designed to monitor the availability and performance of your IIS web servers. Preconfigured dashboards and searches provide insight into application pools, ASP.NET applications, requests, latency, visitor locations, visitor access types, traffic patterns, errors, web server operations, and access from known malicious sources. IIS logs are sent to Sumo Logic through OpenTelemetry [filelog receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/filelogreceiver). -IIS metrics are sent to Sumo Logic through OpenTelemetry through [windowsperfcountersreceiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/windowsperfcountersreceiver). This receiver, captures the configured system, application, or custom performance counter data from the Windows registry using the [PDH interface](https://docs.microsoft.com/en-us/windows/win32/perfctrs/using-the-pdh-functions-to-consume-counter-data). It is based on the [Telegraf Windows Performance Counters Input Plugin](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/win_perf_counters). +IIS metrics are sent to Sumo Logic through OpenTelemetry through [windowsperfcountersreceiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/windowsperfcountersreceiver). This receiver captures the configured system, application, or custom performance counter data from the Windows registry using the [PDH interface](https://docs.microsoft.com/en-us/windows/win32/perfctrs/using-the-pdh-functions-to-consume-counter-data). It is based on the [Telegraf Windows Performance Counters Input Plugin](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/win_perf_counters). Schematics @@ -296,7 +296,7 @@ The **IIS - Application Pool** dashboard provides a high-level view of Applicati ### ASP.NET -The **IIS - ASP.NET** dashboard provides a high-level view of the ASP.NET global performance counters. This dashboard helps you to analyse the state server sessions, monitor applications information, and understand the request execution and wait time. +The **IIS - ASP.NET** dashboard provides a high-level view of the ASP.NET global performance counters. This dashboard helps you to analyse the state server sessions, monitor applications performance, and understand the request execution and wait time. IIS-ASP.NET