I have an InfluxDB measurement that contains a count of events sent by each host. This measurement is populated with telegraf so each row contains the count of events over 10s for a host. When a host sends no events a zero is added to the measurement. Using Kapacitor, I want to alert when 0 events were recorded by n number of hosts over a period of time.
I’ve started with something like this:
var window_period = 150s
var window_every = 10
var data = stream
|from()
.measurement('events')
.groupBy('host')
|window()
.period(window_period)
.every(window_every)
.align()
| sum('event_count')
.as('event_count')
That gets me the sum of events over an arbitrary window for each host. But now I want to see how many of those have an event_count == 0 and if that is greater than 4 then send an alert.
The documentation say that after a groupBy the groups are processed independently. I was hoping that I could combine them back together someone into a series of points where I could then do
data
| someMagicalUngroupingNode(...)
| where(lambda: 'event_count' == 0)
| count('event_count')
| alert()
.crit(lambda: "count" >= 4)
But I can see no way to combine after a groupBy. Is there way that I’m missing? Perhaps there is a way to sum events without using a groupBy, preventing independent pipelines and allowing my second code sample to work?
