You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
R15: memory quota vastly exceeded (>512mb) and autokill incoming
Generic errors (client and server)
at=error | timechart span="1hr" count by desc
Generic errors (server only)
at=error | regex source!="client" | timechart span="1hr" count by desc
Memory quota errors:
R14 OR R15 | stats count by date
# Sexier version
R14 OR R15 | rex "- Error (?<error_code>R\d\d) \((?<error_message>.+)\)" | eval error=error_code." ".error_message | timechart span="5m" count by error
load average/min/max for all services (includes web, workers, jobs, scheduler, other)
sourcetype="syslog" measure="load_avg_5m"
| timechart span="15m" avg(val) as avg, max(val) as max, min(val) as min by sourcetype
load average/min/max by application (web/workers)
sourcetype="syslog" measure="load_avg_5m"
| rex "(heroku|app) (?<dyno>\w+\.\d+) -"
| regex dyno="(web|worker)"
| timechart span="15m" avg(val) as avg, max(val) as max, min(val) as min by sourcetype
load avg/min/max load by web
sourcetype="syslog" measure="load_avg_5m"
| rex "heroku (?<dyno>\w+\.\d+) -"
| regex dyno="web"
| timechart span="3hr" avg(val) as "average load", min(val) as "min load", max(val) as "max load"
load average by web dyno
sourcetype="syslog" measure="load_avg_5m"
| rex "(heroku|app) (?<dyno>\w+\.\d+) -"
| regex dyno="web"
| timechart span="15m" avg(val) as avg by dyno
load avg/min/max load by workers
sourcetype="syslog" measure="load_avg_5m"
| rex "heroku (?<dyno>\w+\.\d+) -"
| regex dyno="worker"
| timechart span="3hr" avg(val) as "average load", min(val) as "min load", max(val) as "max load"
load average by worker dyno
sourcetype="syslog" measure="load_avg_5m"
| rex "(heroku|app) (?<dyno>\w+\.\d+) -"
| regex dyno="worker"
| timechart span="15m" avg(val) as avg by dyno
average/min/max memory for all services (includes web, workers, jobs, scheduler, other)
sourcetype="syslog" measure="memory_total"
| timechart span="15m" avg(val) as avg, max(val) as max, min(val) as min by sourcetype
average/min/max memory by application (web/workers)
sourcetype="syslog" measure="memory_total"
| rex "(heroku|app) (?<dyno>\w+\.\d+) -"
| regex dyno="(web|worker)"
| timechart span="15m" avg(val) as avg, max(val) as max, min(val) as min by sourcetype
average/min/max memory by web
sourcetype="syslog" measure="memory_total"
| rex "(heroku|app) (?<dyno>\w+\.\d+) -"
| regex dyno="web"
| timechart span="3hr" avg(val) as avg, max(val) as max, min(val) as min
average memory by web dyno (web/workers)
sourcetype="syslog" measure="memory_total"
| rex "(heroku|app) (?<dyno>\w+\.\d+) -"
| regex dyno="web"
| timechart span="15m" avg(val) as avg by dyno
average memory by worker dyno (web/workers)
sourcetype="syslog" measure="memory_total"
| rex "(heroku|app) (?<dyno>\w+\.\d+) -"
| regex dyno="worker"
| timechart span="15m" avg(val) as avg by dyno
A collection of Splunk recipes for Heroku logs. Instructions for setting up
Splunk Storm with Heroku can be found here.
For the vast majority of these recipes you'll need to have enabled the Heroku labs
feature, log-runtime-metrics, for your application.
