search

nathanielc / morgoth

Metric anomaly detection
http://docs.morgoth.io
Apache License 2.0
280 stars 31 forks source link

Alerts Not Getting Processed #49

Closed itsmesuniljacob closed 7 years ago

itsmesuniljacob commented 7 years ago

Hi @nathanielc , i have configured Morgoth for anomaly detection as per the Morgoth documentation, but unfortunately alerts are not getting processed. [ec2-user@ip-172-31-14-178 ~]$ kapacitor show cpu_alert

ID: cpu_alert
Error: 
Template: 
Type: stream
Status: enabled
Executing: true
Created: 16 May 17 00:48 UTC
Modified: 16 May 17 01:05 UTC
LastEnabled: 16 May 17 01:05 UTC
Databases Retention Policies: ["telegraf"."autogen"]
TICKscript:
// The measurement to analyze
var measurement = 'cpu'

// Optional group by dimensions
var groups = [*]

// Optional where filter
var whereFilter = lambda: TRUE

// The amount of data to window at once
var window = 1m

// The field to process
var field = 'usage_idle'

// The name for the anomaly score field
var scoreField = 'anomalyScore'

// The minimum support
var minSupport = 0.05

// The error tolerance
var errorTolerance = 0.01

// The consensus
var consensus = 0.5

// Number of sigmas allowed for normal window deviation
var sigmas = 3.0

stream
    // Select the data we want
    |from()
        .measurement(measurement)
        .groupBy(groups)
        .where(whereFilter)
    // Window the data for a certain amount of time
    |window()
        .period(window)
        .every(window)
        .align()
    // Send each window to Morgoth
    @morgoth()
        .field(field)
        .scoreField(scoreField)
        .minSupport(minSupport)
        .errorTolerance(errorTolerance)
        .consensus(consensus)
        // Configure a single Sigma fingerprinter
        .sigma(sigmas)
    // Morgoth returns any anomalous windows
    |alert()
        .details('')
        .crit(lambda: TRUE)
        .log('/tmp/cpu_alert.log')

DOT:
digraph cpu_alert {
graph [throughput="0.00 points/s"];

stream0 [avg_exec_time_ns="0s" ];
stream0 -> from1 [processed="46"];

from1 [avg_exec_time_ns="5.916µs" ];
from1 -> window2 [processed="46"];

window2 [avg_exec_time_ns="3.191µs" ];
window2 -> morgoth3 [processed="8"];

morgoth3 [avg_exec_time_ns="0s" ];
morgoth3 -> alert4 [processed="0"];

alert4 [alerts_triggered="0" avg_exec_time_ns="0s" crits_triggered="0" infos_triggered="0" oks_triggered="0" warns_triggered="0" ];`

The morgoth binary is in

/usr/local/bin

with permissions kapacitor:kapacitor. Please find the Kapacitor.conf file below:

[udf]
# Configuration for UDFs (User Defined Functions)
[udf.functions]
    [udf.functions.morgoth]
       prog = "/usr/local/bin/morgoth"
       timeout = "10s"

Please advise

itsmesuniljacob commented 7 years ago

This is working now