FortiAnalyzer
RuiChang
Staff
Article Id 282445
Description

This article describes the basic use of Prometheus in FortiAnalyzer Big Data for analysis and monitoring.

This article only covers the general use of Prometheus in FortiAnalyzer Big Data. For advanced use, refer to the official Prometheus documentation: Prometheus.

Scope

FortiAnalyzer Big Data.

Solution

FortiAnalyzer Big Data includes Prometheus in its design to simplify monitoring and analysis. The feature is located at Cluster Manager -> Monitor -> Log & Metrics, with Metrics (Prometheus) selected under Explore.

[Screenshot: the Metrics (Prometheus) page under Cluster Manager -> Monitor -> Log & Metrics]

In Prometheus, there are four types of metrics to consider:

  1. COUNTER
  2. GAUGE
  3. HISTOGRAM
  4. SUMMARY

For more information on each type, refer to METRIC TYPES in the Prometheus documentation.

Once the metric types above are understood, Prometheus's query language, PromQL, can be used to retrieve data from its time-series database. Prometheus provides many query functions, and each function is intended for particular metric types (rate(), for example, is meant for counters), so users need to know the type of each metric and apply the functions accordingly.

For the full list of functions in Prometheus, refer to Query Functions.

A PromQL expression follows the format below:

Function_name(Metrics_name{Filter}[time_period])

For example:

rate(kudu_bytes_flushed{kubernetes_node="blade-10-0-1-2"}[5m])

Function_name = rate
Metrics_name = kudu_bytes_flushed
Filter = kubernetes_node="blade-10-0-1-2"
Time_period = 5m

This query returns the per-second average rate of increase of the kudu_bytes_flushed counter on node blade-10-0-1-2 over the last 5 minutes.

[Screenshot: the rate() query above run in Metrics (Prometheus)]

PromQL also supports comparison operators and label matchers for queries with different requirements:

== (equal to)
!= (not equal to)
> (greater than)
< (less than)
>= (greater than or equal to)
<= (less than or equal to)
=~"A|B" --> label matches the regular expression, returning A or B
!~"A|B" --> label does not match the regular expression, returning neither A nor B
.*xxx --> regular expression for a partial string match (regex matchers are anchored, so .* is required to match a prefix)

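The following is an added example, not code from the article or from Fortinet: it composes PromQL expressions in the Function_name(Metrics_name{Filter}[time_period]) format with the four label-matcher operators listed above, and models what rate() computes over a COUNTER, including a counter reset. The metric and label names are those used in the article; the counter samples are constructed, and simple_rate() is a simplified model of Prometheus rate() (no boundary extrapolation), not the Prometheus implementation.

```python
"""Added example (not from the Fortinet article): build PromQL expressions of the
form Function_name(Metrics_name{Filter}[time_period]) with the four label-matcher
operators, and model what rate() computes over a counter.

Assumptions: the metric/label names are the ones from the article; the sample
counter values are constructed; simple_rate() is a simplified model of
Prometheus rate() (no boundary extrapolation), not the Prometheus implementation.
"""
import re

# The four label matcher operators PromQL accepts inside {...}.
MATCHER_OPS = {"=", "!=", "=~", "!~"}
DURATION_RE = re.compile(r"^\d+(ms|s|m|h|d|w|y)$")


def label_matcher(label, op, value):
    """Render one label matcher, e.g. kubernetes_node="blade-10-0-1-2".

    Regex matchers (=~, !~) are anchored at both ends by Prometheus, so a
    partial match must be written with .* explicitly, as in .*xxx.
    """
    if op not in MATCHER_OPS:
        raise ValueError(f"unsupported matcher operator: {op}")
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'{label}{op}"{escaped}"'


def promql(function_name, metric_name, filters=(), time_period=None):
    """Compose Function_name(Metrics_name{Filter}[time_period]).

    filters is an iterable of (label, op, value) tuples; time_period is a
    PromQL duration such as "5m" and is validated before use. With
    function_name=None only the selector is returned.
    """
    selector = metric_name
    if filters:
        selector += "{" + ", ".join(label_matcher(*f) for f in filters) + "}"
    if time_period is not None:
        if not DURATION_RE.match(time_period):
            raise ValueError(f"invalid duration: {time_period}")
        selector += f"[{time_period}]"
    return f"{function_name}({selector})" if function_name else selector


def simple_rate(samples):
    """Per-second increase of a counter across (timestamp, value) samples.

    Counters only go up; a drop means the process restarted, so the increase
    continues from the new value instead of going negative. This is why rate()
    is only meaningful on COUNTER metrics, never on GAUGE.
    """
    if len(samples) < 2:
        return 0.0
    increase = 0.0
    prev = samples[0][1]
    for _, value in samples[1:]:
        if value < prev:
            increase += value          # counter reset: count from zero
        else:
            increase += value - prev
        prev = value
    elapsed = samples[-1][0] - samples[0][0]
    return increase / elapsed if elapsed > 0 else 0.0


# Constructed counter samples: (unix_ts, value), one per 60 s, with a reset at t=120.
COUNTER_SAMPLES = [(0, 1000), (60, 1600), (120, 200), (180, 800), (240, 1400)]

if __name__ == "__main__":
    print(promql("rate", "kudu_bytes_flushed",
                 [("kubernetes_node", "=", "blade-10-0-1-2")], "5m"))
    print(promql("sum", "kudu_bytes_flushed",
                 [("kubernetes_node", "=~", "blade-10-0-1-.*")]))
    print(simple_rate(COUNTER_SAMPLES))
```

Running the script prints the article's rate() query, a sum() over all nodes whose name starts with blade-10-0-1- (note the explicit .* because the regex is anchored), and a rate of about 8.33 bytes/s for the constructed samples, where the drop from 1600 to 200 is treated as a reset rather than a negative increase.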

The example below shows a query that calculates the difference between the data at 5 minutes and at 10 minutes:

[Screenshot: query calculating the difference between the 5m and 10m data]

Lastly, Prometheus supports two kinds of queries: instant queries and range queries.

  • Instant query: evaluates an expression at a single timestamp and returns one value per matching series, e.g. for alerting.

[Screenshot: instant query result]

  • Range query: evaluates an expression at regular steps between a start timestamp and an end timestamp and returns a sequence of values per matching series.

[Screenshot: range query settings]

[Screenshot: range query result]

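The following is an added example, not code from the article or from Fortinet: it builds the two Prometheus HTTP API requests behind an instant query and a range query, and parses the two response shapes they return (a "vector" with one value per series, and a "matrix" with a list of values per series). It assumes the Prometheus instance behind the Metrics (Prometheus) page exposes the standard Prometheus HTTP API; PROMETHEUS_URL is a placeholder, and the JSON responses are constructed to match the documented API format rather than captured from a FortiAnalyzer system.

```python
"""Added example (not part of the Fortinet article): build the Prometheus HTTP
API requests behind an instant query and a range query, and parse the two
response shapes (vector vs matrix) they return.

Assumptions: PROMETHEUS_URL is a placeholder for the address of the Prometheus
instance behind Cluster Manager's Metrics (Prometheus) page; the JSON responses
below are constructed to match the documented Prometheus API format.
"""
import json
from urllib.parse import urlencode

PROMETHEUS_URL = "http://prometheus.example.invalid:9090"  # placeholder, assumption
QUERY = 'rate(kudu_bytes_flushed{kubernetes_node="blade-10-0-1-2"}[5m])'


def instant_query_url(expr, time=None):
    """GET /api/v1/query evaluates expr at one timestamp (default: now)."""
    params = {"query": expr}
    if time is not None:
        params["time"] = time
    return f"{PROMETHEUS_URL}/api/v1/query?{urlencode(params)}"


def range_query_url(expr, start, end, step):
    """GET /api/v1/query_range evaluates expr every `step` from start to end."""
    params = {"query": expr, "start": start, "end": end, "step": step}
    return f"{PROMETHEUS_URL}/api/v1/query_range?{urlencode(params)}"


def parse_response(body):
    """Normalise an API response into {labels: [(ts, value), ...]}.

    An instant query returns resultType "vector" with one "value" pair per
    series; a range query returns resultType "matrix" with a "values" list.
    Prometheus encodes sample values as strings, so they are converted to float.
    """
    doc = json.loads(body)
    if doc.get("status") != "success":
        raise RuntimeError(f"query failed: {doc.get('errorType')}: {doc.get('error')}")
    data = doc["data"]
    out = {}
    for series in data["result"]:
        key = tuple(sorted(series["metric"].items()))
        if data["resultType"] == "vector":
            pairs = [series["value"]]
        elif data["resultType"] == "matrix":
            pairs = series["values"]
        else:
            raise ValueError(f"unexpected resultType: {data['resultType']}")
        out[key] = [(float(ts), float(v)) for ts, v in pairs]
    return out


# Constructed responses in the Prometheus API shape (not captured from a real system).
INSTANT_RESPONSE = json.dumps({
    "status": "success",
    "data": {"resultType": "vector", "result": [
        {"metric": {"kubernetes_node": "blade-10-0-1-2"},
         "value": [1698892958, "8.3333"]}]}})

RANGE_RESPONSE = json.dumps({
    "status": "success",
    "data": {"resultType": "matrix", "result": [
        {"metric": {"kubernetes_node": "blade-10-0-1-2"},
         "values": [[1698892800, "7.5"], [1698892860, "8.0"], [1698892920, "8.3333"]]}]}})


def latest_values(parsed):
    """Last sample per series, the figure an alert rule would compare against."""
    return {dict(k)["kubernetes_node"]: v[-1][1] for k, v in parsed.items()}


if __name__ == "__main__":
    print(instant_query_url(QUERY))
    print(range_query_url(QUERY, 1698892800, 1698892920, "60s"))
    print(latest_values(parse_response(INSTANT_RESPONSE)))
    print(latest_values(parse_response(RANGE_RESPONSE)))
```

The instant query maps to /api/v1/query and is what an alert rule evaluates: one value per series at one point in time. The range query maps to /api/v1/query_range with start, end and step, and returns the series of points a graph is drawn from; the parser handles both shapes so the same code can feed either an alert check or a chart.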

Related document:

Prometheus Cheat Sheet