elastic / observability-docs

Elastic Observability Documentation

[Alerting]: Add example to rate aggregations page #3734

Open dedemorton opened 5 months ago

dedemorton commented 5 months ago

Description

We decided to pull the example from https://github.com/elastic/observability-docs/pull/3676 because it needed more context.

Here's the content that we pulled. (I did not delete the image in case we want to use it when we develop the example.) We may choose to use a different example, just adding the content here in case we want to use it as a starting point.

[discrete]
[[network-rate-example]]
== Network rate example

The rule definition in this example creates an alert if the rate of bytes received by a host on all network interfaces exceeds 10 bit/s:

[role="screenshot"]
image::images/alerts-rate-aggregation.png[Rule configuration that shows Aggregation A set to RATE host.network.ingress.bytes with a threshold of IS ABOVE 10 FOR THE LAST 1 minute]

Resources

Related PR: https://github.com/elastic/observability-docs/pull/3676

Which documentation set does this change impact?

Stateful and Serverless

Feature differences

n/a

What release is this request related to?

N/A

Collaboration model

The documentation team

Point of contact.

Main contact: @maryam-saeidi

Stakeholders:

maryam-saeidi commented 3 months ago

@simianhacker Do you happen to know a good example of a rule using rate aggregation for network fields, such as host.network.egress.bytes? Maybe you are aware of a ticket that originally proposed adding this aggregation.

simianhacker commented 3 months ago

@maryam-saeidi I think that field is now a "gauge"; the old field we used to use was system.network.out.bytes, which was a counter from the Metricbeat system module.

maryam-saeidi commented 3 months ago

@jasonrhodes Are you aware of any real-world scenario that we can use as a reference for our rate documentation related to network fields?

jasonrhodes commented 3 months ago

@maryam-saeidi not off the top of my head. Maybe we can check with @felixbarny re: which common fields are counters and try to grab something from that?

felixbarny commented 3 months ago

system.network.in.bytes would be a good example.

felixbarny commented 3 months ago

The docs of the system integration also provide a good overview of the different metrics and corresponding metric types: https://docs.elastic.co/en/integrations/system#metrics-reference.