VMware Modern Apps Community
corey_r
Community Manager
Community Manager
Jump to solution

Can anyone tell me why this alert fired?

Screen+Shot+2016-05-06+at+12.29.08.png

I've looked at the raw data as well, and I simply can't see it.

jason_goocher possibl

Reply
0 Kudos
1 Solution

Accepted Solutions
corey_r
Community Manager
Community Manager
Jump to solution

I'm pretty sure I've got the answer for you justin_rowles! When alert checks occur every ~60 seconds, it is reviewing the minutely summarized data values within the last 'Minutes to Fire' window. You can recreate that view by simply applying align(1m,) to your base query.

When we do that, we get the following chart (please excuse the associated time window -- I'm on CDT):

align(1m, sum(ts("dp.prod.kafka.host.GenericJMX-topic.in.1m.mel.kettle.use.gauge")))

minutely+summarized+data.png

While there were some raw values that were greater than .01, the minutely average of the raw values were all below .01 when the alert fired. Now alert checks do minutely averages by default, but you can choose how you want that summarization to occur by applying your own align() function to your alert query. In the following chart, I specified the 'max' summarization method for align(). By doing this, I am choosing to have the highest value reported every minute displayed at the minute boundary instead of the average value.

align(1m, max, sum(ts("dp.prod.kafka.host.GenericJMX-topic.in.1m.mel.kettle.use.gauge")))

minutely+summarized+data+-+max.png

With this approach, you can see that there were values greater than .01 at the 9:55 and 10:01 boundaries. This means that the alert would not have fired based on this approach. Does this help?

View solution in original post

Reply
0 Kudos
1 Reply
corey_r
Community Manager
Community Manager
Jump to solution

I'm pretty sure I've got the answer for you justin_rowles! When alert checks occur every ~60 seconds, it is reviewing the minutely summarized data values within the last 'Minutes to Fire' window. You can recreate that view by simply applying align(1m,) to your base query.

When we do that, we get the following chart (please excuse the associated time window -- I'm on CDT):

align(1m, sum(ts("dp.prod.kafka.host.GenericJMX-topic.in.1m.mel.kettle.use.gauge")))

minutely+summarized+data.png

While there were some raw values that were greater than .01, the minutely average of the raw values were all below .01 when the alert fired. Now alert checks do minutely averages by default, but you can choose how you want that summarization to occur by applying your own align() function to your alert query. In the following chart, I specified the 'max' summarization method for align(). By doing this, I am choosing to have the highest value reported every minute displayed at the minute boundary instead of the average value.

align(1m, max, sum(ts("dp.prod.kafka.host.GenericJMX-topic.in.1m.mel.kettle.use.gauge")))

minutely+summarized+data+-+max.png

With this approach, you can see that there were values greater than .01 at the 9:55 and 10:01 boundaries. This means that the alert would not have fired based on this approach. Does this help?

Reply
0 Kudos