Open ejether opened 8 years ago
nathanielc
commented
8 years ago @ejether I am not clear on what you are asking. Can you share the output of kapacitor show task for one of your tasks?
Based on what you shared it looks like you are templating the TICKscript with some external values but I am not quite sure I follow what the final result looks like.
ejether
commented
8 years ago Thanks for responding, I have since changed the Tick so the output of what your requesting would no longer make sense. Unfortunatly I didn't save the output of the previous tick either.
I'll see if I can do a little better job explaining it.
The JSON blob shown is the output to the log file in the .log node in the tick. In the data values section of the json blob shown there "typeName" column, one of the .groupBy in the .from node, there are three distinct "typeNames"
I'd like it if each type, based on the value, could raise a separate alert. For example here, the row with type "type=Broker,brokerName=localhost,destinationType=Queue,destinationName=ActiveMQ.DLQ" has a value of 2533, and the other two have a value of 0. If my alert threshold was value > 1 then the alert would trigger for just one type instead of as a combination of the type.
I want this because I want to be able to use a more generic tick instead of having a separate tick for each typeName
I hope that is more clear
nathanielc
commented
8 years ago @ejether If I understood correctly then you should be able to use an |eval() node to convert the field into a tag and then groupBy that tag to get separate alerts.
ejether
commented
8 years ago Great! I'll give that a try. Thanks
SS30723
commented
4 years ago @nathanielc .. stream |from() . where(lambda : (("application" == 'A' OR "application" == 'B') AND "reasoncode" == '404')) .groupBy('application') |window() .period(5m) .every(5m) |count('reasoncode') .as('value') |log() |alert() .crit(lambda: (value >2)) .log(/tmp/alert.log)
Question: In the alert.log, we want to the see the count based on the application, how to achieve that? currently in the alert.log, we see the output as application A and value as 10 (may be it is picking up the application name based on the first point received) But we are expecting to see the list of applications and their corresponding 404 values as per the above query.
ashishkaransingh
commented
4 years ago It would be great to have seperate alerts with multiple fields using on tickscript.
ashishkaransingh
commented
4 years ago @ejether did you get what you were looking for based on nathanielc's suggestion?
ejether
commented
4 years ago @ashishkaransingh it has been a few years. I am no longer using Influx and can't easily answer your question. Sorry!
Is there a way to have separate alerts base on a single tick for different fields of data?
Example:
For each of 'typeNames' show, I'd like there to be an individual alert on the media of each 'typeName' instead of an alert, in this case, based on the median 'queueSize' of all of the types selected?
I'd like this so I don't have to create a separate tick for each of the "typeNames" that I have.
which produces this data: