Configuring Which Log Messages Become Events

You can configure rules to determine which log messages become events.

Cloudera defines a number of rules by default. For example:

  • The line {"rate": 10, "threshold":"FATAL"}, means log entries with severity FATAL should be forwarded as events, up to 10 a minute.
  • The line {"rate": 0, "exceptiontype": "java.io.EOFException"}, means log entries with the exception java.io.EOFException should always be forwarded as an event.

The syntax for these rules is defined in the Description field for this property: the syntax lets you create rules that identify log messages based on log4j severity, message content matching, or the exception type. These rules must result in valid JSON.

Minimum Required Role: Configurator (also provided by Cluster Administrator, Limited Cluster Administrator , and Full Administrator)

  1. Select Clusters > cluster_name > service_name.
  2. Click the Configuration tab.
  3. Enter Rules to Extract Events from Log Files in the Search text field.
  4. Click the Monitoring category.
  5. Select the role group for the role for which you want to configure log events, or search for "Rules to Extract Events from Log Files."
    Note that for some roles there may be more than one role group, and you may need to modify all of them. The easiest way to ensure that you have found all occurrences of the property you need to modify is to search for the property by name. Cloudera Manager shows all copies of the property that matches the search filter.
  6. In the Content field, edit the rules as needed. Rules can be written as regular expressions.
  7. Enter a Reason for change, and then click Save Changes to commit the changes.
  8. Click the Cloudera Manager logo to return to the Home page.
  9. Click the icon that is next to any stale services to invoke the cluster restart wizard.