Hi,
I am new to tickstack we have deployed tickstack in our environment currently we are monitoring cpu and memory usage.I need help getting to monitor node down alerts.Can someone guide through script to monitor node down/up alerts?
Regards
Kumaresan
are you using Kapacitor ?
Kapacitor script can raise alerting in case no data coming from node.
Hi Pawan,
Thanks for addressing. I am new to tickstk currently we are monitoring cpu and memory.
We have kcapcitor but not sure how to implement node down alerting. Could you help me on it? Is there any script or json for monitoring node down?
Regards
Kumaresan
Does this help?
It processes data points in your measurement. Once throughput drops below your define threshold it will trigger an alert. When a data point is received it will recover.
Example: This will process data on the âmemâ measurement, when data points drop below 100.0 in 1 minute an alert is generated. If an alert is generated its written to a log file. Take in consideration, this is from a template i use so some values are coded into settings files so some values will need updating.
the log file is created using the name variable, so the file will be whatever you name your alert
var data = stream
|from()
.measurement('mem')
.groupBy(*)
.where(whereFilter)
var trigger = data
|deadman(100.0, 1m)
.message(message)
.id(idVar)
.idTag(idTag)
.levelTag(levelTag)
.messageField(messageField)
.durationField(durationField)
.log('/tmp/'+ name + '.log')
trigger
|influxDBOut()
.create()
.database(outputDB)
.retentionPolicy(outputRP)
.measurement(outputMeasurement)
.tag('alertName', name)
.tag('triggerType', triggerType)
trigger
|httpOut('output')
I would personally suggest dropping Influx Dataâs âChronografâ package, you can define alerts from there. They are very basic but give you a good starting point/template for your general alerts. Unfortutnately it doesnât use all the possible Kapacitor nodes.
Once youâve got the hang of that, then you can start editing the scripts in an IDE and defining them in Kapacitor yourself.
Hi Phlip,
Thanks for the update.Is there way to get server down alert monitored through tickstack?
Could you provide some example scripts that will help me?
Regards
Kumare
Hey @Kumaresan78, sorry i was out of the office for the last week.
The above script is a TICK script so would run on the TICK stack. Chronograf (the C in TICK) will visualise and graph your data. But, if you have it installed you can go to
âtasksâ > âmanage tasksâ > âBuild new ruleâ
From there, you have a few options for the threshold type. If you select âdeadmanâ you can pick the measurement you want to monitor for through put. Saving the script will let you go back to the manage tasks section, from there you can view the tick script itself.
The deadman node will detect through put for a specific measurement. So if you were monitoring linux machines you could target the mem measurement and alert when there is no data being inserted to that measurement.
Iâve generated a basic deadman alert in Chronograf and attached the code. Iâve removed my database references.
This version will check the mem measurement for zero through put.
var db = âyour_data_sourceâ
var rp = âyour_RPâ
var measurement = âmemâ
var groupBy = [âhostâ]
var whereFilter = lambda: TRUE
var period = 10m
var name = âDeadManMemâ
var idVar = name + â-{{.Group}}â
var message = ââ
var idTag = âalertIDâ
var levelTag = âlevelâ
var messageField = âmessageâ
var durationField = âdurationâ
var outputDB = âchronografâ
var outputRP = âautogenâ
var outputMeasurement = âalertsâ
var triggerType = âdeadmanâ
var threshold = 0.0
var data = stream
|from()
.database(db)
.retentionPolicy(rp)
.measurement(measurement)
.groupBy(groupBy)
.where(whereFilter)var trigger = data
|deadman(threshold, period)
.stateChangesOnly()
.message(message)
.id(idVar)
.idTag(idTag)
.levelTag(levelTag)
.messageField(messageField)
.durationField(durationField)
.log(â/tmp/deadmanlogs.logâ)trigger
|eval(lambda: âemittedâ)
.as(âvalueâ)
.keep(âvalueâ, messageField, durationField)
|eval(lambda: float(âvalueâ))
.as(âvalueâ)
.keep()
|influxDBOut()
.create()
.database(outputDB)
.retentionPolicy(outputRP)
.measurement(outputMeasurement)
.tag(âalertNameâ, name)
.tag(âtriggerTypeâ, triggerType)trigger
|httpOut(âoutputâ)
As mentioned, Chronograf is great for building the basics of a script or some templates but lacks the functionality of the some of the Kapacitor nodes. Once you get the hang of the TICK scripts generated by Chronograf you can start to modify the code to use different Kapacitor nodes such as |stateDuration, |stateCount.
Hope that helps a little.
Thanks Philb.
We are not using chronograf rather we use grafana.We have telegraf,kapapcitor,influxdb installed on all servers from grafana we add source and import via json then create dashboard.The above tick script build from chronograf is there way to achieve similar with grafana?
Regards
Kumaresan
hi @Kumaresan78
Iâm afraid i donât know how to configure alerts from within Grafana, we were unable to include some of the template tags from Grafana in our alerts so we only use Grafana purely for our dashboards.
Our alerts are handled by Kapacitor, the tick script itself is generated by Chronograf but the code would be the same whether generated from Chronograf or written inside an IDE.
A quick question, are you wanting to alert when a node with the TICK stack goes offline? if so, then the following wonât work as Kapacitor wonât be running if the node is offline. If thats the case, then you might need to ask on the Grafana forums about setting an alert up for this. Maybe based on throughput, Iâm unsure.
Otherwise, if you montor multiple nodes with per your TICK servers (as in 3 or 4 nodes reporting into one influx server) and want to alert on one of those nodes going offline, the following should work.
Chronograf is just an easy way to get to grips with TICK script in general, however if you donât want to install Chronograf in your stack then Iâd recommend having a look through some of the sample TICK scripts
From there, you can create a base template to work from.
Regarding the deadman script above, if you update the DB and RP variable to use your database and retention policy and upload this script to one of your servers you can enable it using the Kapacitor CLI.
Upload the script, you can leave the script wherever you choose. I move them into /etc/kapacitor/tick but running it from the home directory for now would suffice.
Once the scripts on the server, you can use the following to enable the script (assuming you are using linux)
sudo kapacitor define deadman_alert -type stream -tick /path/to/script -dbrp database.retention_policy
then sudo kapacitor enable deadman_alert
When a node goes offline, the alert should trigger. But, as i say⊠If you want to monitor the TICK server itself then Kapacitor wonât be able to help you, unless you monitor your tick nodes with separate instance dedicated to âwatching the watcherâ.
We use an heartbeat API through OpsGenie to alert us if our TICK server is offline, that might be something worth looking into.
I think though maybe you are wanting to alert when your TICK node is offline. In this instance, you might need to ask on the Grafana forums about configuring this.
Let me know if theres anything else.
Hi Philb,
Thanks for the update. Is there way we can implement ping requests if the any of node not responding to ping it would trigger an alert?
Regards
Kumar
Hi @Kumaresan78
What I would do is create a TICK instance independent from the nodes you want to monitor. From there, using telegraf on this new instance you can configure ping sensors.
Then, using that instance you could create a TICK script which would basically alert when packet loss was over a set threshold, say 75%. If the alert triggers itâs an indicator that the node is in trouble, although it isnât a perfect solution. IF you set it to 100% then you can be fairly certain the server is offline, even if it is still switched on.
We use ping sensors (among other alerts) to monitor ESX hosts.
This script should help, Youâll need to add your DB and RP
var db = ''
var rp = ''
var measurement = 'ping'
var groupBy = ['host', 'name', 'url']
var whereFilter = lambda: TRUE
var period = 60s
var every = 60s
var name = 'packetLoss'
var idVar = name + ':{{.Group}}'
var message = ' {{.Level}} Over 50% Packet Loss {{ index .Tags "name" }} '
var idTag = 'alertID'
var levelTag = 'level'
var messageField = 'message'
var durationField = 'duration'
var outputDB = 'chronograf'
var outputRP = 'autogen'
var outputMeasurement = 'alerts'
var triggerType = 'threshold'
var data = stream
|from()
.database(db)
.retentionPolicy(rp)
.measurement(measurement)
.groupBy(groupBy)
.where(whereFilter)
|window()
.period(period)
.every(every)
.align()
|mean('percent_packet_loss')
.as('percent_packet_loss')
var trigger = data
|alert()
.crit(lambda: "percent_packet_loss" > 50)
.stateChangesOnly()
.message(message)
.id(idVar)
.idTag(idTag)
.levelTag(levelTag)
.messageField(messageField)
.durationField(durationField)
.log('/tmp/packetloss.log')
trigger
|eval(lambda: 'percent_packet_loss')
.as('percent_packet_loss')
.keep()
|influxDBOut()
.create()
.database(outputDB)
.retentionPolicy(outputRP)
.measurement(outputMeasurement)
.tag('alertName', name)
.tag('triggerType', triggerType)
trigger
|httpOut('output')
So, in short.
Change one the URLâs or IPâs in the config to one you know will not resolve, after about 60 seconds you should have an alert.
You could also use an additional script to run the deadman node to montior for throughput.
You could also set up a dashboard in Grafana with repeating panels based on the ping results, showing packet loss for the last X amount of time.
Hi Philb,
Thanks for the update.I achieved node down alerts with grafana.
In Short I used telegraf ping plugin where list of nodes are specified from grafana used below queries basically it will look for the values of packet loss>80 and result.code>0 if both condition matches node down alert triggers.
Query:
SELECT mean(âresult_codeâ) AS âresultâ FROM âpingâ WHERE (âurlâ = ânode1â) AND timeFilter GROUP BY time(__interval) fill(null)
SELECT âpercent_packet_lossâ FROM âpingâ WHERE (âurlâ = ânode1â) AND $timeFilter
Regards
Kumar
