I have the below TICK script which is alerting me when network interfaces get saturated over a period of time. (BTW Thanks for the sideload feature)
The last issue that I am having is hopefully a simple one to solve. I am calculating the mean traffic and storing it in the field “net_io” I am able to use that in a comparison later on but I am not able to use this field in my message string.
These lines:
.id('{{ index .Tags "host"}}/{{ index .Tags "interface"}}/net_io')
.message('{{ .ID }}:{{ index .Fields "net_io" }}:{{ index .Fields "net_io_pct" }}')
produce
"id": "spar802.ny1/eth0/net_io",
"message": "spar802.ny1/eth0/net_io:<no value>:0.7986143069514522",
Any idea what I missing here?? Thanks!
// net_io
// DEFINE: kapacitor define net_io -type batch -tick net_io.tick -dbrp telegraf.2years
// ENABLE: kapacitor enable net_io
// Parameters
var warn = 0.70
var crit = 0.75
var period = 5m
var every = 5m
// Dataframe
var data = batch
|query('''
SELECT non_negative_derivative(max("bytes_sent"), 1s) + non_negative_derivative(max("bytes_recv"), 1s) AS net_io
FROM "telegraf"."2years"."net"
WHERE time < now()
GROUP BY time(15s)
''')
.period(period)
.every(every)
.groupBy(time(15s),'host','interface')
|mean('net_io')
.as('net_io')
|groupBy('host','interface')
var sideload_data = data
|sideload()
.source('file:///var/lib/kapacitor/sideload/net_io')
.order('{{.host}}/{{.interface}}.json')
.field('speed', 1000)
// Thresholds
var alert = sideload_data
|eval(lambda: (("net_io" / 1048576.0) * 8.0) / float("speed") )
.as('net_io_pct')
|alert()
.id('{{ index .Tags "host"}}/{{ index .Tags "interface"}}/net_io')
.message('{{ .ID }}:{{ index .Fields "net_io" }}:{{ index .Fields "net_io_pct" }}')
.warn(lambda: "net_io_pct" > warn)
.crit(lambda: "net_io_pct" > crit)
// Alert
alert
.log('/tmp/net_io_alerts.json')
// .idField('id')
.levelTag('level')
|where(lambda: "level" != '')
|influxDBOut()
.database('nagios')
.retentionPolicy('2years')
.measurement('net_io')
