Carlos, What you have looks good.
You are correct that to get different behaviors you need to use two different alert nodes. Here is a example of what I think you want to do: var warn = lambda: "usage_idle" < 40 var crit = lambda: "usage_idle" < 20 var stats = stream |from() .database('monitoring') .measurement('cpu') .where (lambda: "cpu" == 'cpu-total') // To filter on prod vs non-prod you need a tag that identifies prod, I'll use the tag `env` as an example .groupBy ('project','roles','stage', 'env') // influxdb/slack alerts stats |alert() .id('....') .warn(warn) .crit(crit) .slack() |influxDBOut() .database('alerts') .retentionPolicy('default') .measurement('errors') // some tags // Crit alerts stats // Filter by prod events only |where(lambda: "env" == 'production') |alert() .id('....') .warn(warn) .crit(crit) .stateChanges() .email() That should send all events to InfluxDB and slack, while only sending state changes for prod CRITICAL/OK alerts via email. Hope that helps. Let me know if you have more questions. On Wednesday, June 15, 2016 at 10:01:45 AM UTC-6, Carlos Peñas wrote: > > We are tiying to define an alert flow based on measurements taken by > telegraf and stored in influx. > > Started with the basic: > > var stats = stream > | from() > .database('monitoring') > .measurement('cpu') > .where (lambda: "cpu" == 'cpu-total') > | groupBy ('project','roles','stage') > | alert()... > > > This will alert for all hosts that are gathering metrics... is there a way > to "refine" the filter stream in the alert node and apply different > thresholds or must I define different streams? > > We need also > > * register any evaluated state in influx or log > * send to slack any state change > * send to mail any CRITICAL / OK state change from any alerts tagged > "production" > > For the first two tried to do something like > > > ... | alert() > .id('....') > .warn(lambda: "usage_idle" < 40) > > > stats | influxDBOut() > .database('alerts') > .retentionPolicy('default') > .measurement('errors') > // some tags > > > stats.slack() > > .channel('#kapacitor') > .stateChangesOnly(30m) > .message('{{ .ID }} is {{ .Level}} ({{ index .Fields > "usage_idle"}}) > > > > It's valid but only state changes get pumped in influxdb, and I expected > to have any "OK" evaluatuon there. Must I define two separate | alert nodes > to have disctint behaviour? > > Whe also tried to add > > stats.crit(lambda: "usage_idle" < 20) > .email() > > > (whe have no idea how to filter "production ones" there) but also we get > the same result ¿This will be another | alert node perhaps with its own | > from node? > > Thanks!. I'm just starting with tickscript (two days so far) > > -- Remember to include the InfluxDB version number with all issue reports --- You received this message because you are subscribed to the Google Groups "InfluxDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to influxdb+unsubscr...@googlegroups.com. To post to this group, send email to influxdb@googlegroups.com. Visit this group at https://groups.google.com/group/influxdb. To view this discussion on the web visit https://groups.google.com/d/msgid/influxdb/1df265a8-d0a0-4b92-a103-aa7aadbbcd4c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.