The software summarizes "Throughput monitor" as a log analyzer tool.
The Throughput Monitor is designed to analyze every single-line log with one event per line. Examples of this type of log producers are syslog and Apache logs. Log lines are filtered using regular expressions such that random or irrelevant data is excluded, leaving only the interesting data that is consistent with the user's regex.
Output from the Throughput Monitor can either be hwm (high water mark) or lwm (low water mark) line. The hwm line is generated when the number of events per timeframe rises above a predefined threshold, while the lwm line is produced when event rates fall below the threshold. The lwm line provides additional statistics related to the incident, including the maximum amount of events, count (total events while rate is over hwm), duration (how long the object was in hwm state), and interval (the average delay between events). The duration is provided in both human-readable format (hh:mm:ss) and seconds for automation.
The utility not only monitors event rates but also gives feedback about parameters to tune, which provides useful data for the user. One drawback of the utility is that it may raise concerns about time travel in log data that is not linear. Specifically, every next matched log entry must have a timestamp that is greater than or equal to the previous timestamp of the same object. This is a common issue with logs in general.
Overall, the Throughput Monitor is an effective tool for detecting high event rates and analyzing log data. It is an ideal application for any organization that needs to monitor their logs in real-time or retrospectively.
Version 0.1: N/A