Templates:

• Log Group Size

• Log Source Size

For steps to use these Oracle-defined templates to create detection rules, see Create a Detection Rule Using a Template.

Log Group Size

Use this template to create a detection rule to post the size of each log group as a metric. You can set a threshold on the size of the log group to filter. If you specify a size, only the metrics for those log groups which exceed the specified size are posted to OCI Monitoring.

Facets for the template:

Default Query:

@Domain Reporting;
@Sub-Domain Log Analytics Usage;
@Category Data Ingest;
@Platform Any;
@Tags
[Log Group,
    Usage
];
@queryDefaults compartment,logset;
@scheduleDefaults
  <scheduleDefaults xmlns="http://www.oracle.com/DataCenter/LogAnalyticsStd">
    <schedules>
      <schedule>
        <type>FIXED_FREQUENCY</type>
        <recurringInterval allowOverride="true">PT15M</recurringInterval>
        <misfirePolicy>RETRY_ONCE</misfirePolicy>
      </schedule>
    </schedules>
  </scheduleDefaults>;
@monitoringDefaults
  <monitoringDefaults xmlns="http://www.oracle.com/DataCenter/LogAnalyticsStd">
    <namespace allowOverride="true">logan_usage_metrics</namespace>
    <compartment allowOverride="true" useDefault="true"/>
    <metricName allowOverride="true">loggroup_size</metricName>
  </monitoringDefaults>;
var $Size_Threshold  {
@defaultValue 0;
@uiConfig <formField xmlns="http://www.oracle.com/DataCenter/LogAnalyticsStd">
    <dataType>integer</dataType>
    <required>true</required>
    <description>Size in bytes: Post only for the Log Groups exceeding this size</description>
    <default>0</default>
    <validations>
        <userInput>
            <minVal>0</minVal>
            <message>Log Group size threshold. Enter a number greater than or equal to 0</message>
        </userInput>
    </validations>
    <uiFormatting>
        <displayName>Size Threshold</displayName>
        <fieldType>text</fieldType>
    </uiFormatting>
  </formField>;
} * | stats sum('Raw Size') as Size by 'Log Group' | where Size >= $Size_Threshold

Log Source Size

Use this template to create a detection rule to post the size of logs under each log source as a metric. Optionally specify a size threshold of the logs for a log source to filter by. Only the log sources exceeding the threshold size are posted as a metric.

Facets for the template:

Default Query:

@Domain Reporting;
@Sub-Domain Log Analytics Usage;
@Category Data Ingest;
@Platform Any;
@Tags
[Log Source, Usage];
@queryDefaults compartment,logset;
@scheduleDefaults
  <scheduleDefaults xmlns="http://www.oracle.com/DataCenter/LogAnalyticsStd">
    <schedules>
      <schedule>
        <type>FIXED_FREQUENCY</type>
        <recurringInterval allowOverride="true">PT15M</recurringInterval>
        <misfirePolicy>RETRY_ONCE</misfirePolicy>
      </schedule>
    </schedules>
  </scheduleDefaults>;
@monitoringDefaults
  <monitoringDefaults xmlns="http://www.oracle.com/DataCenter/LogAnalyticsStd">
    <namespace allowOverride="true">logan_usage_metrics</namespace>
    <compartment allowOverride="true" useDefault="true"/>
    <metricName allowOverride="true">logsource_size</metricName>
  </monitoringDefaults>;
var $Size_Threshold  {
@defaultValue 0;
@uiConfig <formField xmlns="http://www.oracle.com/DataCenter/LogAnalyticsStd">
    <dataType>integer</dataType>
    <required>true</required>
    <description>Size in bytes: Post only for the Log Sources exceeding this size</description>
    <default>0</default>
    <validations>
        <userInput>
            <minVal>0</minVal>
            <message>Log Source size threshold. Enter a number greater than or equal to 0</message>
        </userInput>
    </validations>
    <uiFormatting>
        <displayName>Size Threshold</displayName>
        <fieldType>text</fieldType>
    </uiFormatting>
  </formField>;
} * | stats sum('Raw Size') as Size by 'Log Source' | where Size >= $Size_Threshold