Hi @nathanielc,
I have configured Morgoth for anomaly detection as per the Morgoth documentation, but unfortunately alerts are not getting processed.
```
[ec2-user@ip-172-31-14-178 ~]$ kapacitor show cpu_alert
ID: cpu_alert
Error:
Template:
Type: stream
Status: enabled
Executing: true
Created: 16 May 17 00:48 UTC
Modified: 16 May 17 01:05 UTC
LastEnabled: 16 May 17 01:05 UTC
Databases Retention Policies: ["telegraf"."autogen"]
TICKscript:
// The measurement to analyze
var measurement = 'cpu'
// Optional group by dimensions
var groups = [*]
// Optional where filter
var whereFilter = lambda: TRUE
// The amount of data to window at once
var window = 1m
// The field to process
var field = 'usage_idle'
// The name for the anomaly score field
var scoreField = 'anomalyScore'
// The minimum support
var minSupport = 0.05
// The error tolerance
var errorTolerance = 0.01
// The consensus
var consensus = 0.5
// Number of sigmas allowed for normal window deviation
var sigmas = 3.0
stream
    // Select the data we want
    |from()
        .measurement(measurement)
        .groupBy(groups)
        .where(whereFilter)
    // Window the data for a certain amount of time
    |window()
        .period(window)
        .every(window)
        .align()
    // Send each window to Morgoth
    @morgoth()
        .field(field)
        .scoreField(scoreField)
        .minSupport(minSupport)
        .errorTolerance(errorTolerance)
        .consensus(consensus)
        // Configure a single Sigma fingerprinter
        .sigma(sigmas)
    // Morgoth returns any anomalous windows
    |alert()
        .details('')
        .crit(lambda: TRUE)
        .log('/tmp/cpu_alert.log')
DOT:
digraph cpu_alert {
graph [throughput="0.00 points/s"];
stream0 [avg_exec_time_ns="0s" ];
stream0 -> from1 [processed="46"];
from1 [avg_exec_time_ns="5.916µs" ];
from1 -> window2 [processed="46"];
window2 [avg_exec_time_ns="3.191µs" ];
window2 -> morgoth3 [processed="8"];
morgoth3 [avg_exec_time_ns="0s" ];
morgoth3 -> alert4 [processed="0"];
alert4 [alerts_triggered="0" avg_exec_time_ns="0s" crits_triggered="0" infos_triggered="0" oks_triggered="0" warns_triggered="0" ];
```
The morgoth binary is in `/usr/local/bin` with permissions kapacitor:kapacitor. Please find the Kapacitor.conf file below:
```
[udf]
# Configuration for UDFs (User Defined Functions)
[udf.functions]
    [udf.functions.morgoth]
        prog = "/usr/local/bin/morgoth"
        timeout = "10s"
```
Please advise