Alerts from a Tickscript Flip-Flop

Monitoring SSL Certs using X509 input. I want the alert to trigger if an SSL < 5 days remaining but if i check against more than 1 SSL then the alert trigger flip flops as 1 is critical and the other is not.

If FQDN1 is Crit and FQDN2 or 3 isnt then they flip-flop…

Should you make individual scripts for each SSL or is there a more efficient way to write a tickscript ?

var db = 'telegraf'
var rp = 'autogen'
var measurement = 'x509_cert'
var groupBy = ['san']
var whereFilter = lambda: ("san" == 'FQDN1' OR "san" == 'FQDN2' OR "san" == 'FQDN3' )
var name = 'SSL'
var idVar = name + '-{{.Group}}'

var message = '=== SSL Monitor ===
SSL Status: {{.Level}}
Certificate ID: {{.ID}}'

var idTag = 'alertID'
var levelTag = 'level'
var messageField = 'message'
var durationField = 'duration'
var outputDB = 'chronograf'
var outputRP = 'autogen'
var outputMeasurement = 'alerts'
var triggerType = 'threshold'
var warn = 5
var crit = 0

var data = stream
    |eval(lambda: "expiry" / (3600 * 24))

var trigger = data
        .warn(lambda: "value" < warn)
        .crit(lambda: "value" < crit)

    |eval(lambda: float("value"))
        .tag('alertName', name)
        .tag('triggerType', triggerType)


Hello @Si-Richards,

Have you considered using 2.x? You can perform this type of work much more easily because you can pivot your data and change your alert condition logic to operate on each field.

I’m not sure how to solve this problem with TICK script other than making individual scripts unfortunately.