A data dog background produces five kinds of data packets, in which collectd produces a package with an intake url, including metrics, event and service checks, and a series of global key-value s. statsd accepts a UDP packet and emits three http packages: series,intake and check_run. series is metric, intake is event checking, and check_run is service checking. These three packages come from the resolving of udp, which is consistent with the content of collectd.
1. Firstly, udp package is analyzed. The form of udp package is as follows:
<name>:<value>|<metric_type>|@<sample_rate>|#<tag1_name>:<tag1_value>,<tag2_name>:<tag2_value>:<value>|<metric_type>...
There are three types of name: service_check,events and intake, metric_type, sample_rate and tags. A capture data of udp is shown as follows, where g denotes guage:
jvm.heap_memory_max:1908932608|g|#type:Memory,jmx_domain:java.lang,instance:solr_instance jvm.heap_memory:19460696|g|#type:Memory,jmx_domain:java.lang,instance:solr_instance jvm.non_heap_memory_init:2555904|g|#type:Memory,jmx_domain:java.lang,instance:solr_instance jvm.non_heap_memory_committed:32702464|g|#type:Memory,jmx_domain:java.lang,instance:solr_instance jvm.non_heap_memory_max:-1|g|#type:Memory,jmx_domain:java.lang,instance:solr_instance jvm.non_heap_memory:30390320|g|#type:Memory,jmx_domain:java.lang,instance:solr_instance _sc|solr.can_connect|0|#jmx_server:127.0.0.1,instance:solr_instance
2. Analyse series package. Series package data comes from udp package. The data format is as follows. In the list corresponding to series key, the values in points are timestamp and value, and the time interval is from statsd. The rest of the data are mosaic. Note that tags are transmitted directly by jmx, and the number of tags corresponding to different server s is different.
{ "series": [ { "tags": [ "J2EEApplication:none", "J2EEServer:none", "WebModule://localhost/examples", "instance:tomcat-127.0.0.1-7199", "j2eeType:Servlet", "jmx_domain:Catalina", "name:RequestParamExample" ], "metric": "tomcat.servlet.error_count", "interval": 10, "device_name": null, "host": "xuxideMacBook-Pro.local", "points": [ [ 1478159460, 0 ] ], "type": "gauge" },
3. Analyse check_run packet. The form of check_run packet corresponds to the service_check of collectd. The data of the packet is as follows:
"service_checks":[ { "status":2, "tags":[ "host:localhost", "port:8125" ], "timestamp":1478067233.459331, "check":"statsd.can_connect", "host_name":"wdm-ThinkPad-E450", "message":null, "id":1 }, { "status":2, "tags":[ "check:statsd" ], "timestamp":1478067233.460122, "check":"datadog.agent.check_status", "host_name":"wdm-ThinkPad-E450", "message":null, "id":2 },
There is an obvious difference between the two records of this data package. One is check and the other is tags. Every service under the checksd folder produces a record. The check value of this record must correspond to "datadog.agent.check_status", and the value in tags will indicate the type of service checked, with only one record. Some connected services produce the second type of check, such as'statsd.can_connect', where the number of tags is uncertain. It is important for background parsing to filter out that check is a record of "datadog.agent.check_status". Here status (0, 1, 2, 3) denotes OK, WARNING, CRITICAL, UNKNOWN, respectively.
4. The fourth kind of packet is event packet, the data type is as follows:
"events":{ "System":[ { "timestamp":1478067233.806147, "host":"wdm-ThinkPad-E450", "api_key":"e7afaf986f5cc822406cbd5831328462", "msg_text":"Version 5.9.1", "event_type":"Agent Startup" } ] },