Is there a way to custom the threshold of a Kapacitor's alert?

InfluxDB 1 Kapacitor
1

I’m pretty new to TICK and I’m struggling with a problem. I’m monitoring a software which writes data into influxdb and at the moment I tried to set a threshold at 4, send an alarm everytime one data point exceeds it and it works perfectly. By the way, I’d like to replace this static value with the stddev of the last 5 minutes of data in my time series.

Is that a possible thing? When I create the alert rule from Kapacitor’s UI, I can’t write queries (indeed I can only insert a real/integer number or an arithmetic operation) so I tried to do it in the TICKscript but I’m not very good with it. Any tips?

This is the TICKscript if needed: Hastebin: Send and Save Text or Code Snippets for Free | Toptal®

2

Hello @greasy-sandwich,
May I ask, if you’re new to InfluxDB, why are you trying to use TICK and Kapacitor?

I find it’s much easier to use Flux and and tasks.
That’s definitely possible, but I’d only be able to help you with Flux and tasks. Otherwise, I suggest creating an issue in Issues · influxdata/kapacitor · GitHub.

3

Are u still able to help me? what do u mean with Flux and tasks? never used Flux :frowning:

4

Hello @greasy-sandwich,
yes I mean with Flux tasks.
The Flux task would look something like:

import "influxdata/influxdb/monitor"
import "influxdata/influxdb/v1"
import "math"

option task = {
name: "value_outlier_check",
every: 1h,
offset: 5m,
}

//Gather historical data/sample from longer time range 
data = from(bucket: "myBucket")
    |> range(start: -10d)
    |> filter(fn: (r) => r["_measurement"] == "myMeasurement")
    |> filter(fn: (r) => r["myTag"] == "myTagValue")
    |> filter(fn: (r) => r["_field"] == "myField")
//Calculate mean from sample
mean_val = (data
    |> mean(column: "_value")
    |> findRecord(fn: (key) => true, idx: 0))._value

//Calculate standard deviation from sample
stddev_val = (data
    |> stddev()
    |> findRecord(fn: (key) => true, idx: 0))._value

//Run monitor.check() on data
data
    |> range(start: -90m)
    |> map(
        fn: (r) => ({r with
level: if r._value < mean_val + math.abs(x: stddev_val) then
                1
            else 
                2
}),
)
    |> monitor.check(
ok: (r) => r["level"] == 1,
crit: (r) => r["level"] == 2,
messageFn: (r) => if r._level == "ok" then
            "${r._check_name} - value within a single deviation of mean @ ${r._value}"
        else
            "${r._check_name} - value is an outlier @ ${r._value}!",
data: {_check_name: "value_outlier_check", _check_id: "081488f2dc59f000", _type: "custom", tags: {}},
)

Here we’re calculating whether or not our data is outside one standard deviation from the mean value of our data.

5

I’m going to try it soon, I still don’t know where to find my influx bucket name but i’ll manage to do it. Thank you!