New to TICK scripts. I am looking at writing a script for generating an alert when the count of any event exceeds a threshold value, e.g. 10.
Sample event generation:
10.xx.xx.xx/cpu0/log:5988:W/"006016a03b6c23117-10":42153194:<7>2019/08/29 07:21:32.73: enf/1 Alarm VolumeRedundancyLoss (196611) on Volume/2adfe2748a raised (sequence 370622, scope cluster, volumeName DR_NEW_5gb_0014_12_vol, isLoggingVolume F, vpdIdentifier 6000144000000010f01a6d2adfe2748a): Volume redundancy is now lower than expected redundancy
10.xx.xx.xx/cpu0/log:5988:W/"006016a03b6c23117-10":42153195:<7>2019/08/29 07:21:32.73: enf/1 Alarm VolumeRedundancyLoss (196611) on Volume/d2adfe27489 raised (sequence 370623, scope cluster, volumeName DR_NEW_5gb_0013_12_vol, isLoggingVolume F, vpdIdentifier 6000144000000010f01a6d2adfe27489): Volume redundancy is now lower than expected redundancy
10.xx.xx.xx/cpu0/log:5988:W/"006016a03b6c23117-10":42153196:<7>2019/08/29 07:21:32.73: enf/1 Alarm VolumeRedundancyLoss (196611) on Volume/dfe27488 raised (sequence 370624, scope cluster, volumeName DR_NEW_5gb_0012_12_vol, isLoggingVolume F, vpdIdentifier 6000144000000010f01a6d2adfe27488): Volume redundancy is now lower than expected redundancy
10.xx.xx.xx/cpu0/log:5988:W/"006016a03b6c23117-10":42153197:<7>2019/08/29 07:21:32.73: enf/1 Alarm VolumeRedundancyLoss (196611) on Volume/1e56524f raised (sequence 370625, scope cluster, volumeName DR_NEW_5gb_0019_12_vol, isLoggingVolume F, vpdIdentifier 6000144000000010e01a6d311e56524f): Volume redundancy is now lower than expected redundancy
10.xx.xx.xx/cpu0/log:5988:W/"006016a03b6c23117-10":42152684:<7>2019/08/29 07:21:32.71: enf/3 Alarm DiskUnreachable (196612) on Disk/311e564231 raised (sequence 370112, scope cluster): Disk has become unreachable
10.xx.xx.xx/cpu0/log:5988:W/"006016a03b6c23117-10":42152685:<7>2019/08/29 07:21:32.71: enf/3 Alarm DiskUnreachable (196612) on Disk/6d311e56 raised (sequence 370113, scope cluster): Disk has become unreachable
10.xx.xx.xx/cpu0/log:5988:W/"006016a03b6c23117-10":42152686:<7>2019/08/29 07:21:32.71: enf/3 Alarm DiskUnreachable (196612) on Disk/6d2adfe2 raised (sequence 370114, scope cluster): Disk has become unreachable
10.xx.xx.xx/cpu0/log:5988:W/"006016a03b6c23117-10":42152687:<7>2019/08/29 07:21:32.71: enf/3 Alarm DiskUnreachable (196612) on Disk/dfe26524 raised (sequence 370115, scope cluster): Disk has become unreachable
10.xx.xx.xx/cpu0/log:5988:W/"006016abc2aa19858-1":59446464:<7>2019/08/29 07:21:32.81: enf/1 Alarm VolumeRedundancyLoss (196611) on Volume/adfe286fc raised (sequence 5817414, scope cluster, volumeName vol, isLoggingVolume F, vpdIdentifier VPDxx): Volume redundancy is now lower than expected redundancy
10.xx.xx.xx/cpu0/log:5988:W/"006016abc2aa19858-1":59446465:<7>2019/08/29 07:21:32.81: enf/1 Alarm VolumeRedundancyLoss (196611) on Volume/1e566418 raised (sequence 5817415, scope cluster, volumeName vol, isLoggingVolume F, vpdIdentifier VPDxx): Volume redundancy is now lower than expected redundancy
10.xx.xx.xx/cpu0/log:5988:W/"006016abc2aa19858-1":59446466:<7>2019/08/29 07:21:32.81: enf/1 Alarm VolumeRedundancyLoss (196611) on Volume/66417 raised (sequence 5817416, scope cluster, volumeName vol, isLoggingVolume F, vpdIdentifier VPDxx): Volume redundancy is now lower than expected redundancy
10.xx.xx.xx/cpu0/log:5988:W/"006016a03b6c23117-10":42152688:<7>2019/08/29 07:21:32.71: enf/3 Alarm DiskUnreachable (196612) on Disk/fe264ec raised (sequence 370116, scope cluster): Disk has become unreachable
10.xx.xx.xx/cpu0/log:5988:W/"006016a03b6c23117-10":42152689:<7>2019/08/29 07:21:32.71: enf/3 Alarm DiskUnreachable (196612) on Disk/2adfe265a4 raised (sequence 370117, scope cluster): Disk has become unreachable
10.xx.xx.xx/cpu0/log:5988:W/"006016a03b6c23117-10":42152690:<7>2019/08/29 07:21:32.71: enf/3 Alarm DiskUnreachable (196612) on Disk/e5642e2 raised (sequence 370118, scope cluster): Disk has become unreachable
10.xx.xx.xx/cpu0/log:5988:W/"006016a03b6c23117-10":42153313:<4>2019/08/29 07:22:27.82: evts/5 AMQP socket could not be opened on connection 3fff550, retval -536871023
10.xx.xx.xx/cpu0/log:5988:W/"006016a03b6c23117-10":42153314:<4>2019/08/29 07:23:27.82: evts/5 AMQP socket could not be opened on connection fff550, retval -536871023
10.xx.xx.xx/cpu0/log:5988:W/"006016a03b6c23117-10":42153315:<4>2019/08/29 07:24:27.82: evts/5 AMQP socket could not be opened on connection fff550, retval -536871023
I want to generate the following alert:
Event enf/1 was generated 7 times in the last 10 seconds.
and then add the last event generated with that id during the interval
10.xx.xx.xx/cpu0/log:5988:W/"006016abc2aa19858-1":59446466:<7>2019/08/29 07:21:55.81: enf/1 Alarm VolumeRedundancyLoss (196611) on Volume/66417 raised (sequence 5817416, scope cluster, volumeName vol, isLoggingVolume F, vpdIdentifier VPDxx): Volume redundancy is now lower than expected redundancy.
My tick script is:
stream
    |from()
        .measurement('firmware_events')
    |groupBy('event_id')
    |window()
        .period(10s)
        .every(10s)
    |alert()
        .crit(lambda: "host" =~ /.*/)
        .details('')
        .durationField('duration')
        .message('{{ index .Fields "event_id" }} event was generated during last 10 secs')
        .log('/home/service/tsdb/logs/director_halted_events.log')
    |last('event_id')
I am not able to get the count of the events generated during that period. Also, the alert logged in the director_halted_events.log file contains lots of details like data, columns and all the events generated during that period in the values field. I want to get rid of all this data and only have the customized message: Event enf/1 was generated 7 times in the last 10 seconds.
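One way to get a per-window count and the last event into the alert message, as an added example that is not part of the original post. It assumes `event_id` is a tag on `firmware_events` and that the raw log line is stored in a string field, here given the hypothetical name `raw_line`.

```tickscript
// Added example, not the poster's script.
// Assumptions: 'event_id' is a tag; 'raw_line' is a hypothetical string
// field holding the full log line of each event.
var threshold = 10

// Raw events, grouped per event id, cut into 10 second tumbling windows.
var events = stream
    |from()
        .measurement('firmware_events')
        .groupBy('event_id')
    |window()
        .period(10s)
        .every(10s)

// One point per window and event id: how many events arrived.
var counts = events
    |count('raw_line')
        .as('count')

// One point per window and event id: the most recent raw line.
var latest = events
    |last('raw_line')
        .as('last_event')

// Both aggregates are stamped with the window time, so they can be joined.
// After the join the fields are named 'n.count' and 'l.last_event'.
counts
    |join(latest)
        .as('n', 'l')
    |alert()
        // Fire only when the count in the window exceeds the threshold.
        .crit(lambda: "n.count" > threshold)
        .message('Event {{ index .Tags "event_id" }} was generated {{ index .Fields "n.count" }} times in the last 10 seconds. Last event: {{ index .Fields "l.last_event" }}')
        .details('')
        .log('/home/service/tsdb/logs/director_halted_events.log')
```

Because the alert node now sits after the aggregation, it evaluates one aggregated point per window and event id instead of every raw event in the window.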