Timed trigger for an alert

datalust / seq-tickets

Issues, design discussions and feature roadmap for the Seq log server

https://datalust.co/seq

97 stars 5 forks source link

Timed trigger for an alert #2252

Closed MoazAlkharfan closed 4 weeks ago

MoazAlkharfan commented 2 months ago

So I would like to have an alert trigger outside of the time grouping that's specified. For example:

Check for specific signal with a time grouping of 6 hours (identify an issue might have happened)
Alert once when it's first found
Keep alerting every 1 hour until it's not triggered (ignore alerting when suppressed)

The main reason for this is to keep an eye on a specific event until it's fixed. But when the trigger is only checked by the time grouping then monitoring an issue would require to constantly keep an eye on the log.

KodrAus commented 2 months ago

Hi @MoazAlkharfan :wave: Seq calculates the interval it checks the alert on based on the time grouping, so there isn't currently a way to decouple them. Is there a reason not to set the time grouping to 1 hour here? It looks like both the initial condition and the on-going condition are the same besides the time window you want to check in.

KodrAus commented 4 weeks ago

Just following up through triage here; we don't have a way to set a different time grouping once an alert has triggered. Once Seq has triggered an alert over a period it won't recheck until at least that interval has passed, otherwise you'll be alerting again on the same data. The closest solution here would be just to use the shorter interval for your initial time grouping if possible.