Closed heoelri closed 6 months ago
Hi @heoelri thanks for raising this issue. I looks like it's is an inconsistency in the documentation. The parameter value from the code is correct (see below).
Threshold: 80
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "80"
Operator: GreaterThan
{
"name": "SNATPortUtilization",
"metricNamespace": "Microsoft.Network/azureFirewalls",
"metricName": "SNATPortUtilization",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
@bzabber can you review the alerts.yaml ?
@heoelri and @arjenhuitema
This is an interesting issue. If you look on line 63 the visible attribute is set to "true" and on line65 it has a tag value of "alz" which means the AMBA-ALZ team has vetted it and it's part of the solution. The other entry is what was autogenerated by AMBA and is based on what Azure customers that have created this alert tend to set the alert threshold at, in this case 99. You're able to determine this by looking at lines 112 which has the visible attribute to "false" and lines 113 to 115 "auto-generated" and has an "agc-" identifier associated with it which shows how common that alert is amongst other customers.
I'll work with the AMBA team to reconcile this so that we don't have a duplicate appearing but it is interesting to see what other customers set the metric at and what we've determined as a good value too.
The inconsistency in alerts.yaml with the operator has been fixed in #140.
Check for previous/existing GitHub issues
Description
SNAT Port Utilization
in https://github.com/Azure/azure-monitor-baseline-alerts/blob/a0757e378f33f72020bd60ecbe8fbd32d9da7806/services/Network/azureFirewalls/alerts.yaml#L59-L60has on one hand a threshold of
https://github.com/Azure/azure-monitor-baseline-alerts/blob/a0757e378f33f72020bd60ecbe8fbd32d9da7806/services/Network/azureFirewalls/alerts.yaml#L73-L74
and a few lines further down below in https://github.com/Azure/azure-monitor-baseline-alerts/blob/a0757e378f33f72020bd60ecbe8fbd32d9da7806/services/Network/azureFirewalls/alerts.yaml#L108-L109
is has a different threshold and operator
https://github.com/Azure/azure-monitor-baseline-alerts/blob/a0757e378f33f72020bd60ecbe8fbd32d9da7806/services/Network/azureFirewalls/alerts.yaml#L122-L125
I'd like to understand why that's the case. Is this an inconsistency or is there a reason for that?