In my simple rule what I do I alert having found some points for which lambda: evaluates to true:
var data = stream
|from()
.measurement(measurement)
.where(lambda: "organization" =~ where_organization)
.where(lambda: "project" =~ where_project)
.where(lambda: "build_server" == 'build.host.corp')
.groupBy(groups)
data
|window()
.period(window_period)
.every(window_every)
.align()
|alert()
.crit(lambda: "status_code" <= 0)
The data caught by alert() node would look like the following in my case:
{
"series": [
{
"name": "measurement",
"tags": {
"build_server": "build.host.corp",
"host": "24511ae0f374",
"identity": "4078e1b61",
"status": "Idle"
},
"columns": [
"time",
"status_code"
],
"values": [
[
"2018-08-24T16:36:18Z",
1
]
]
},
{
"name": "measurement",
"tags": {
"build_server": "build.host.corp",
"host": "24511ae0f374",
"identity": "415a60e63",
"status": "Idle"
},
"columns": [
"time",
"status_code"
],
"values": [
[
"2018-08-24T16:36:18Z",
1
]
]
},
{
"name": "measurement",
"tags": {
"build_server": "build.host.corp",
"host": "24511ae0f374",
"identity": "8c2337e79",
"status": "N/a"
},
"columns": [
"time",
"status_code"
],
"values": [
[
"2018-08-24T16:36:18Z",
-2
]
]
},
{
"name": "measurement",
"tags": {
"build_server": "build.host.corp",
"host": "24511ae0f374",
"identity": "9c1bb8cf4",
"status": "N/a"
},
"columns": [
"time",
"status_code"
],
"values": [
[
"2018-08-24T16:36:18Z",
-2
]
]
}
]
}
Where each series represents a separate server reported its state within the window() specified, grouped by tags - so to be able to read the tags values in .message() method further on.
And with such data as above I receive 2 alerts - one for each server where status_code = -2. What I’d prefer instead is to get 1 alert having the information about 2 servers above. How can I achieve that?
