Carlos,
What you have looks good.
You are correct that to get different behaviors you need to use two
different alert nodes.
Here is a example of what I think you want to do:
var warn = lambda: "usage_idle" < 40
var crit = lambda: "usage_idle" < 20
var stats = stream
|from()
.database('monitoring')
.measurement('cpu')
.where (lambda: "cpu" == 'cpu-total')
// To filter on prod vs non-prod you need a tag that
identifies prod, I'll use the tag `env` as an example
.groupBy ('project','roles','stage', 'env')
// influxdb/slack alerts
stats
|alert()
.id('....')
.warn(warn)
.crit(crit)
.slack()
|influxDBOut()
.database('alerts')
.retentionPolicy('default')
.measurement('errors')
// some tags
// Crit alerts
stats
// Filter by prod events only
|where(lambda: "env" == 'production')
|alert()
.id('....')
.warn(warn)
.crit(crit)
.stateChanges()
.email()
That should send all events to InfluxDB and slack, while only sending state
changes for prod CRITICAL/OK alerts via email.
Hope that helps. Let me know if you have more questions.
On Wednesday, June 15, 2016 at 10:01:45 AM UTC-6, Carlos Peñas wrote:
>
> We are tiying to define an alert flow based on measurements taken by
> telegraf and stored in influx.
>
> Started with the basic:
>
> var stats = stream
> | from()
> .database('monitoring')
> .measurement('cpu')
> .where (lambda: "cpu" == 'cpu-total')
> | groupBy ('project','roles','stage')
> | alert()...
>
>
> This will alert for all hosts that are gathering metrics... is there a way
> to "refine" the filter stream in the alert node and apply different
> thresholds or must I define different streams?
>
> We need also
>
> * register any evaluated state in influx or log
> * send to slack any state change
> * send to mail any CRITICAL / OK state change from any alerts tagged
> "production"
>
> For the first two tried to do something like
>
>
> ... | alert()
> .id('....')
> .warn(lambda: "usage_idle" < 40)
>
>
> stats | influxDBOut()
> .database('alerts')
> .retentionPolicy('default')
> .measurement('errors')
> // some tags
>
>
> stats.slack()
>
> .channel('#kapacitor')
> .stateChangesOnly(30m)
> .message('{{ .ID }} is {{ .Level}} ({{ index .Fields
> "usage_idle"}})
>
>
>
> It's valid but only state changes get pumped in influxdb, and I expected
> to have any "OK" evaluatuon there. Must I define two separate | alert nodes
> to have disctint behaviour?
>
> Whe also tried to add
>
> stats.crit(lambda: "usage_idle" < 20)
> .email()
>
>
> (whe have no idea how to filter "production ones" there) but also we get
> the same result ¿This will be another | alert node perhaps with its own |
> from node?
>
> Thanks!. I'm just starting with tickscript (two days so far)
>
>
--
Remember to include the InfluxDB version number with all issue reports
---
You received this message because you are subscribed to the Google Groups
"InfluxDB" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to influxdb+unsubscr...@googlegroups.com.
To post to this group, send email to influxdb@googlegroups.com.
Visit this group at https://groups.google.com/group/influxdb.
To view this discussion on the web visit
https://groups.google.com/d/msgid/influxdb/1df265a8-d0a0-4b92-a103-aa7aadbbcd4c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
