Help Center/ Log Tank Service/ User Guide/ Log Visualization/ Visualizing Logs in Dashboards/ Dashboard Templates/ Collection Diagnosis Dashboard Templates
Updated on 2025-08-14 GMT+08:00
View PDF

Collection Diagnosis Dashboard Templates

Collection diagnosis dashboard templates support Viewing ICAgent Collection Monitoring, Viewing the Overall ICAgent Status, and Viewing ICAgent Exception Monitoring.

Prerequisites

On the ICAgent Collection tab page of the LTS console, enable ICAgent diagnosis. For details, see Setting ICAgent Collection.

Viewing ICAgent Collection Monitoring

  1. Log in to the LTS console. In the navigation pane, choose Dashboards.
  2. Under the dashboard template, choose Collection Diagnosis Dashboard Template > ICAgent Collection Monitoring to view the chart details.

    • ID of the log group to be filtered. The associated query and analysis statement is as follows: 
      select loggroup from log where report_topic = 'icagent_profile' or report_topic = 'icagent_alarm' group by loggroup
    • ID of the log stream to be filtered. The associated query and analysis statement is as follows: 
      select logstream from log where report_topic = 'icagent_profile' or report_topic = 'icagent_alarm' group by logstream
    • The query and analysis statements associated with the Raw Data Traffic chart are as follows: 
      SELECT
	case 
		when diff [ 1 ] is null then '0' 
		when diff [ 1 ] > 1024 and diff [ 1 ] <= 1024*1024 then concat(round(diff [ 1 ]*1.0/1024,4),' KB')
		when diff [ 1 ] > 1024*1024 and diff [ 1 ] < 1024*1024*1024 then  concat(round(diff [ 1 ]*1.0/1024/1024,4),' MB')
		when diff [ 1 ] > 1024*1024*1024 and diff [ 1 ] < 1024*1024*1024*1024 then  concat(round(diff [ 1 ]*1.0/1024/1024/1024,4),' GB')
		when diff [ 1 ] > 1024*1024*1024*1024 then  concat(round(diff [ 1 ]*1.0/1024,4),' TB')
		else concat(round(diff [ 1 ]*1.0,2),' B') 
END AS "Original Traffic"
	case 
No data available for when diff [ 3 ] is null then' yesterday.
		else round(diff [ 3 ] - 1,2)
END AS "Compared with yesterday"
FROM
	(
	SELECT
		report_topic,
		compare ( traffic, 86400 ) AS diff 
	FROM
		( SELECT report_topic, sum( read_bytes ) AS traffic FROM log WHERE report_topic = 'icagent_profile' GROUP BY report_topic ) 
GROUP BY
	report_topic)
    • The query and analysis statements associated with the Number of collected files chart are as follows: 
      select diff[1] as "Number of collected files", case when diff[3] is not null then round(diff[3] -1 ,2) else' No data yesterday'end as "Compared with yesterday' "from (select compare(uv,86400) as diff from (select report_topic,count(distinct concat(file_name,host_ip)) as uv from log where report_topic = 'icagent_profile' group by report_topic) group by report_topic)
    • The query analysis statement associated with the Number of Collection Devices/Year-on-Year Comparison chart is as follows: 
      select diff[1] as "Number of collection machines", case when diff[3] is not null then round(diff[3] -1 ,2) else' No data yesterday'end as "Compared with yesterday "from (select compare(uv,86400) as diff from (select report_topic,count(distinct host_ip) as uv from log where report_topic = 'icagent_profile' group by report_topic) group by report_topic)
    • The query analysis statement associated with the Data Sending Traffic chart is as follows: 
      SELECT
	"time",
		case 
		when traffic is null then 0 
		else round(traffic*1.0/1024/1024,2)
END AS "Sending Traffic (MB) "
	from
	(SELECT
		time_format( time_floor ( __time, 'PT5M' ), 'yyyy-MM-dd HH:mm' ) AS "time",
		sum( read_bytes ) AS "traffic" 
	FROM
		log 
	WHERE
		report_topic = 'icagent_profile' 
	GROUP BY
		"time")
    • The query analysis statement associated with the ICAgent Writes chart is as follows: 
      select time_floor(__time,'PT5M') as \"time\",sum(read_count) as \"Writes\" where report_topic = 'icagent_profile'  group by \"time\"
    • The query and analysis statements associated with the Number of collection devices chart are as follows: 
      select time_floor(__time,'PT5M') as "time", count(distinct host_ip) as" Number of collection devices "where report_topic = 'icagent_profile' group by "time"
    • The query and analysis statements associated with the Collection File Distribution chart are as follows: 
      SELECT
file_name AS "Collection path,"
		host_ip AS "IP",
		case 
			when traffic is null then '0' 
			when traffic > 1024 and traffic <= 1024*1024 then concat(round(traffic*1.0/1024,2),' KB')
			when traffic > 1024*1024 and traffic < 1024*1024*1024 then  concat(round(traffic*1.0/1024,2),' MB')
			when traffic > 1024*1024*1024 and traffic < 1024*1024*1024*1024 then  concat(round(traffic*1.0/1024,2),' GB')
			when traffic > 1024*1024*1024*1024 then  concat(round(traffic*1.0/1024,2),' TB')
		else concat(round(traffic*1.0,2),' B') 
END AS "Collect traffic"
	FROM
	(SELECT
		file_name,
		host_ip,
		sum( read_bytes ) AS "traffic" 
	WHERE
		"report_topic" = 'icagent_profile' 
	GROUP BY
		file_name,
		host_ip)

Viewing the Overall ICAgent Status

  1. Log in to the LTS console. In the navigation pane, choose Dashboards.
  2. Under the dashboard template, choose Collection Diagnosis Dashboard Template > ICAgent Overall Status to view the chart details.

    • The query analysis statement associated with the Active ICAgents graph is as follows: 
      select diff[1] as "Number of active ICAgents ",case when diff[2] is not null then diff[2] else' No data yesterday'end as "Number of active ICAgents yesterday "from (select report_topic,compare(uv,86400) as diff from (SELECT report_topic,COUNT(DISTINCT ip) as uv FROM log where report_topic = 'icagent_status' group by report_topic) group by report_topic)
    • The query analysis statement associated with the Sending Delay/Times Trend chart is as follows: 
      select time_floor(__time,'PT5M') as \"time\" , sum(\"metric.lts_cost.below_100_ms\") as \"below_100_ms\" , sum(\"metric.lts_cost.100to500ms\") as \"100to500ms\" , sum(\"metric.lts_cost.500msto1s\") as \"500msto1s\" , sum(\"metric.lts_cost.1sto10s\") as \"1sto10s\", sum(\"metric.lts_cost.10ston\") as \"10ston\" from log where \"report_topic\" = 'icagent_status' group by \"time\"
    • The query analysis statement associated with the Running Status Distribution chart is as follows: 
      select status,count(DISTINCT ip) as pv from log where report_topic = 'icagent_status' group by status
    • The query analysis statement associated with the CPU trend chart is as follows: 
      select ip,time_floor(__time,'PT5M') as \"time\",avg(\"metric.cpu_usage\") as \"CPU Usage \" from log where report_topic = 'icagent_status' and \"metric.cpu_usage\" is not null group by \"time\",ip order by \"time\"
    • The query and analysis statements associated with the Overall ICAgent Status graph are as follows: 
      select host_name as "Host name ",ip as "IP", version as" Version number", os as" OS", time_format(MILLIS_TO_TIMESTAMP(ANY_VALUE("metric.start_time")),'yyyy/MM/dd HH:mm:ss ZZZ') as" Startup time ",avg("metric.cpu_usage") as "CPU",avg("metric.mem_used")*1.0 as" Memory (MB),"status as "Running status"where report_topic = 'icagent_status' group by host_name,ip,version,os,status

Viewing ICAgent Exception Monitoring

  1. Log in to the LTS console. In the navigation pane, choose Dashboards.
  2. Under the dashboard template, choose Collection Diagnosis Dashboard Template > ICAgent Exception Monitoring to view the chart details.

    • ID of the log group to be filtered. The associated query and analysis statement is as follows: 
      select loggroup from log where report_topic = 'icagent_profile' or report_topic = 'icagent_alarm' group by loggroup limit 10000
    • ID of the log stream to be filtered. The associated query and analysis statement is as follows: 
      select logstream from log where report_topic = 'icagent_profile' or report_topic = 'icagent_alarm' group by logstream limit 10000
    • The query analysis statement associated with the Key Errors chart is as follows: 
      select diff[1] as "Number of errors", case when diff[3] is not null then round(diff[3] - 1, 2) else' No data yesterday'end as" Number of errors compared with yesterday "from (select report_topic,compare(pv, 86400) as diff from (select report_topic,count(1) as pv from log where report_topic = 'icagent_alarm' group by report_topic) group by report_topic)
    • The query analysis statement associated with the Discard Jumbo Rows chart is as follows: 
      select diff[1] as "Discarded Lines" ,  case when diff[3] is not null then round(diff[3] - 1 , 2) else 'No data yesterday' end as "Discarded Lines (Day-on-Day)" from (select report_topic,compare(pv , 400) as diff from (select report_topic,count(1) as pv from log where report_topic = 'icagent_alarm' and alarm_type = 'DISCARD_BIG_LINE' group by report_topic) group by report_topic)
    • The query analysis statement associated with the LTS request failed graph is as follows: 
      select diff[1] as "Number of failed requests", case when diff[3] is not null then round(diff[3] - 1, 2) else' No data yesterday'end as" Number of failed requests compared with yesterday "from (select report_topic,compare(pv, 86400) as diff from (select report_topic,count(1) as pv from log where report_topic = 'icagent_alarm' and alarm_type = 'HTTP_REQUEST_ALARM' group by report_topic) group by report_topic)
    • The query analysis statement associated with the Number of Problems with File Size Exceeding the Upper Limit chart is as follows: 
      select diff[1] as "Number of problems whose file size exceeds the upper limit " ,case when diff[3] is not null then round(diff[3] - 1, 2) else' No data yesterday'end as" Number of problems whose file size exceeds the upper limit compared with yesterday "from (select report_topic,compare(pv, 86400) as diff from (select report_topic,count(1) as pv from log where report_topic = 'icagent_alarm' and alarm_type = 'COLLECT_FILE_EXCEED' group by report_topic) group by report_topic)
    • The query analysis statement associated with the Critical Errors (Mandatory) chart is as follows: 
      select TIME_FORMAT(MILLIS_TO_TIMESTAMP(ANY_VALUE(report_time/1000000)),'yyyy/MM/dd HH:mm:ss ZZ') as" Last occurrence time", loggroup as" Log group ID,"logstream as "Log stream ID", host_ip as "IP", alarm_type as" Alarm type," os as "System type", alarm_message as" Alarm details "where report_topic = 'icagent_alarm' group by loggroup,logstream,host_ip,alarm_type,os,alarm_message limit 10000
    • The query analysis statement associated with the Discard Jumbo Rows chart is as follows: 
      select TIME_FORMAT(MILLIS_TO_TIMESTAMP(ANY_VALUE(report_time/1000000)),'yyyy/MM/dd HH:mm:ss ZZ') as" Last occurrence time", loggroup as" Log group ID,"logstream as "Log stream ID", host_ip as "IP", alarm_type as" Alarm type," os as "System type", alarm_message as" Alarm details "where report_topic = 'icagent_alarm' and alarm_type = 'DISCARD_BIG_LINE' group by loggroup,logstream,host_ip,alarm_type,os,alarm_message limit 10000
    • The query analysis statement associated with the LTS request failure details graph is as follows: 
      select TIME_FORMAT(MILLIS_TO_TIMESTAMP(ANY_VALUE(report_time/1000000)),'yyyy/MM/dd HH:mm:ss ZZ') as" Last occurrence time", loggroup as" Log group ID,"logstream as "Log stream ID", host_ip as "IP", alarm_type as" Alarm type," os as "System type", alarm_message as" Alarm details "where report_topic = 'icagent_alarm' and alarm_type = 'HTTP_REQUEST_ALARM' group by loggroup,logstream,host_ip,alarm_type,os,alarm_message limit 10000
    • The query analysis statement associated with the Details about the number of problems that exceed the file limit chart is as follows: 
      select TIME_FORMAT(MILLIS_TO_TIMESTAMP(ANY_VALUE(report_time/1000000)),'yyyy/MM/dd HH:mm:ss ZZ') as" Last occurrence time", loggroup as" Log group ID,"logstream as "Log stream ID", host_ip as "IP", alarm_type as" Alarm type," os as "System type", alarm_message as" Alarm details "where report_topic = 'icagent_alarm' and alarm_type = 'COLLECT_FILE_EXCEED' group by loggroup,logstream,host_ip,alarm_type,os,alarm_message limit 10000

Parent topic: Dashboard Templates