Hi GL,
I’m using Metricbeat for GL 2.4.
I’ve created pibelines and rewritten metric beat_system_memory_used_pct * 100 to get rid of floating % like 0,1
When creating conditions to alert if memory usage exceeds 80 %, the alarms are not responding.
Do I have to use: has_field(field, [message]) : Boolean to make a new field with a static value that the alert (field content alert condition) can respond to or can it be done more simple?
//Carsten
Maybe you should share your pipeline rules, your alerts configuration, and some example messages.
Otherwise it’s not more than bad guess work.
It’s allways a pleasure to receive your great support Jochen,
rule:
rule "metricbeat_system_memory_used_pct"
when
has_field("metricbeat_system_memory_used_pct")
then
let tmp = to_long(to_double($message.metricbeat_system_memory_used_pct) * 100.0);
set_field("metricbeat_system_memory_used_pct_long", tmp);
end
condition:
Configuration: Alert is triggered when messages matching <metricbeat_system_memory_used_pct_long: ">80"> are received. Grace period: 5 minutes. Not including any messages in alert notification. Configured to repeat notifications.
this dosn’t make sence: metricbeat_system_memory_used_pct_long: ">80.
The pipeline is giving me the fields a need, it’s just the alerts which is wrong.
The Field Content Alert Condition literally only checks the field content for a string match. Numeric fields can only be checked for their exact value with that.
As a workaround, you could create a stream consisting of only messages with metricbeat_system_memory_used_pct > 80 and create an alert condition which is triggered if there’s a message in that stream.
Great, I’ll try it out. Thank you Jochen.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.