Tail and New Relic Integration

Input and output integration overview

The Tail Telegraf plugin collects metrics by tailing specified log files, capturing new log entries in real-time for further analysis.

This plugin allows the sending of metrics to New Relic Insights using the Metrics API, enabling effective monitoring and analysis of application performance.

Integration details

Tail

The tail plugin is designed to continuously monitor and parse log files, making it ideal for real-time log analysis and monitoring. It mimics the functionality of the Unix tail command, allowing users to specify a file or pattern and begin reading new lines as they are added. Key features include the ability to follow log-rotated files, start reading from the end of a file, and support various parsing formats for the log messages. Users can customize the plugin through various configuration options, such as specifying file encoding, the method for watching file updates, and filter settings for processing log data. This plugin is particularly valuable in environments where log data is critical for monitoring application performance and diagnosing issues.

New Relic

This plugin writes metrics to New Relic Insights utilizing the Metrics API, which provides a robust mechanism for sending time series data to the New Relic platform. Users must first obtain an Insights API Key to authenticate and authorize their data submissions. The plugin is designed to facilitate easy integration with New Relic’s monitoring and analytics capabilities, supporting a variety of metric types and allowing for efficient data handling. Core features include the ability to add prefixes to metrics for better identification, customizable timeouts for API requests, and support for proxy settings to enhance connectivity. It is essential for users to configure these options according to their requirements, enabling seamless data flow into New Relic for comprehensive real-time analytics and insights.

Configuration

Tail

[[inputs.tail]]
  ## File names or a pattern to tail.
  ## These accept standard unix glob matching rules, but with the addition of
  ## ** as a "super asterisk". ie:
  ##   "/var/log/**.log"  -> recursively find all .log files in /var/log
  ##   "/var/log/*/*.log" -> find all .log files with a parent dir in /var/log
  ##   "/var/log/apache.log" -> just tail the apache log file
  ##   "/var/log/log[!1-2]*  -> tail files without 1-2
  ##   "/var/log/log[^1-2]*  -> identical behavior as above
  ## See https://github.com/gobwas/glob for more examples
  ##
  files = ["/var/mymetrics.out"]

  ## Read file from beginning.
  # from_beginning = false

  ## Whether file is a named pipe
  # pipe = false

  ## Method used to watch for file updates.  Can be either "inotify" or "poll".
  ## inotify is supported on linux, *bsd, and macOS, while Windows requires
  ## using poll. Poll checks for changes every 250ms.
  # watch_method = "inotify"

  ## Maximum lines of the file to process that have not yet be written by the
  ## output.  For best throughput set based on the number of metrics on each
  ## line and the size of the output's metric_batch_size.
  # max_undelivered_lines = 1000

  ## Character encoding to use when interpreting the file contents.  Invalid
  ## characters are replaced using the unicode replacement character.  When set
  ## to the empty string the data is not decoded to text.
  ##   ex: character_encoding = "utf-8"
  ##       character_encoding = "utf-16le"
  ##       character_encoding = "utf-16be"
  ##       character_encoding = ""
  # character_encoding = ""

  ## Data format to consume.
  ## Each data format has its own unique set of configuration options, read
  ## more about them here:
  ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md
  data_format = "influx"

  ## Set the tag that will contain the path of the tailed file. If you don't want this tag, set it to an empty string.
  # path_tag = "path"

  ## Filters to apply to files before generating metrics
  ## "ansi_color" removes ANSI colors
  # filters = []

  ## multiline parser/codec
  ## https://www.elastic.co/guide/en/logstash/2.4/plugins-filters-multiline.html
  #[inputs.tail.multiline]
    ## The pattern should be a regexp which matches what you believe to be an indicator that the field is part of an event consisting of multiple lines of log data.
    #pattern = "^\s"

    ## The field's value must be previous or next and indicates the relation to the
    ## multi-line event.
    #match_which_line = "previous"

    ## The invert_match can be true or false (defaults to false).
    ## If true, a message not matching the pattern will constitute a match of the multiline filter and the what will be applied. (vice-versa is also true)
    #invert_match = false

    ## The handling method for quoted text (defaults to 'ignore').
    ## The following methods are available:
    ##   ignore  -- do not consider quotation (default)
    ##   single-quotes -- consider text quoted by single quotes (')
    ##   double-quotes -- consider text quoted by double quotes (")
    ##   backticks     -- consider text quoted by backticks (`)
    ## When handling quotes, escaped quotes (e.g. \") are handled correctly.
    #quotation = "ignore"

    ## The preserve_newline option can be true or false (defaults to false).
    ## If true, the newline character is preserved for multiline elements,
    ## this is useful to preserve message-structure e.g. for logging outputs.
    #preserve_newline = false

    #After the specified timeout, this plugin sends the multiline event even if no new pattern is found to start a new event. The default is 5s.
    #timeout = 5s

New Relic

[[outputs.newrelic]]
  ## The 'insights_key' parameter requires a NR license key.
  ## New Relic recommends you create one
  ## with a convenient name such as TELEGRAF_INSERT_KEY.
  ## reference: https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#ingest-license-key
  # insights_key = "New Relic License Key Here"

  ## Prefix to add to add to metric name for easy identification.
  ## This is very useful if your metric names are ambiguous.
  # metric_prefix = ""

  ## Timeout for writes to the New Relic API.
  # timeout = "15s"

  ## HTTP Proxy override. If unset use values from the standard
  ## proxy environment variables to determine proxy, if any.
  # http_proxy = "http://corporate.proxy:3128"

  ## Metric URL override to enable geographic location endpoints.
  # If not set use values from the standard
  # metric_url = "https://metric-api.newrelic.com/metric/v1"

Input and output integration examples

Tail

1. Real-Time Server Health Monitoring: Implement the Tail plugin to parse web server access logs in real-time, providing immediate visibility into user activity, error rates, and performance metrics. By visualizing this log data, operations teams can quickly identify and respond to spikes in traffic or errors, enhancing system reliability and user experience.

2. Centralized Log Management: Utilize the Tail plugin to aggregate logs from multiple sources across a distributed system. By configuring each service to send its logs to a centralized location via the Tail plugin, teams can simplify log analysis and ensure that all relevant data is accessible from a single interface, streamlining troubleshooting processes.

3. Security Incident Detection: Use this plugin to monitor authentication logs for unauthorized access attempts or suspicious activity. By setting up alerts on certain log messages, teams can leverage this plugin to enhance security postures and respond promptly to potential security threats, reducing the risk of breaches and increasing overall system integrity.

4. Dynamic Application Performance Insights: Integrate with analytics tools to create real-time dashboards that display application performance metrics based on log data. This setup not only helps developers diagnose bottlenecks and inefficiencies but also allows for proactive performance tuning and resource allocation, optimizing application behavior under varying loads.

New Relic

1. Application Performance Monitoring: Use the New Relic Telegraf plugin to send application performance metrics from a web service to New Relic Insights. By integrating this plugin, developers can collect data such as response times, error rates, and throughput, enabling teams to monitor application health in real-time and resolve issues quickly before they impact users. This setup promotes proactive management of application performance and user experience.

2. Infrastructure Metrics Aggregation: Leverage this plugin to aggregate and send system-level metrics (CPU usage, memory consumption, etc.) from various servers to New Relic. This helps system administrators maintain an comprehensive view of infrastructure performance, facilitating capacity planning and identifying potential bottlenecks. By centralizing metrics in New Relic, teams can visualize trends over time and make informed decisions regarding resource allocation.

3. Dynamic Metric Naming for Multi-tenant Applications: Implement dynamic prefixing with the metric_prefix option to differentiate between different tenants in a multi-tenant application. By configuring the plugin to include a unique identifier per tenant in the metric names, teams can analyze usage patterns and performance metrics per tenant. This provides valuable insights into tenant behavior, supporting tailored optimizations and enhancing service quality across different customer segments.

4. Real-time Anomaly Detection: Combine the New Relic plugin with alerting mechanisms to trigger notifications based on unusual metric patterns. By sending metrics such as request counts and response times, teams can set thresholds in New Relic that, when breached, will automatically alert responsible parties. This user-driven approach supports immediate responses to potential issues before they escalate into larger incidents.

Feedback

Thank you for being part of our community! If you have any general feedback or found any bugs on these pages, we welcome and encourage your input. Please submit your feedback in the InfluxDB community Slack.