I am looking for some good examples of sigma/stddev used in kapacitor tickscripts, for alerting on Memory Available, CPU Usage, Disk Usage etc.
I would appreciate it if you could share what you have; any ideas are welcome so I can see what fits.
I am looking for some more unique approaches.
Below is what I am testing with, where I am using sigma with stateDuration:
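// Alert on per-process CPU usage that stays anomalous for a sustained time:
// sigma() scores each point against the running mean, and stateDuration()
// tracks how long that score has stayed at or above the threshold.
//
// Typographic quotes from the original paste are replaced with ASCII quotes
// (single quotes = string literal, double quotes = field/tag reference), and
// statements that were fused onto one line are split again.

// Source database and retention policy (blank in the original post; fill in).
var db = ''
var rp = ''
var measurement = 'Process'
var groupBy = ['instance', 'host']

// Create Exclusion
var whereFilter = lambda: ("instance" != '_Total' AND "instance" != 'Idle')

var name = 'Process_Percent_Processor_Time_Sigma_With_StateDuration'
var idVar = name

// Window config
// This will present a rolling window of the last n minutes
// worth of data, every n minutes.
var window_period = 1h
var window_every = 1m

// Not referenced anywhere else in this listing.
var metric_nm = 'Process CPU Usage in %'

// Compared against the sigma() output below, so despite the name this is a
// number of standard deviations from the running mean, not a CPU percentage.
var cpu_percentage_alert_threshold = 3

// Compared against "state_duration", which is reported in minutes (.unit(1m)).
var crit_state_duration = 10

var idTag = 'alertID'
var levelTag = 'level'
var messageField = 'message'
var durationField = 'duration'

// Destination for the alert-state points (blank in the original post; fill in).
var outputDB = ''
var outputRP = ''
var outputMeasurement = 'Process_CPU_Usage_alerts_Sigma_With_StateDuration'
var triggerType = 'threshold'

var data = stream
    |from()
        .database(db)
        .retentionPolicy(rp)
        .measurement(measurement)
        .groupBy(groupBy)
        .where(whereFilter)
    // Score each point by its distance from the running mean, in standard deviations.
    |eval(lambda: sigma("Percent_Processor_Time"))
        .as('Percent_Processor_Time_Sigma')
    // Writes "state_duration": time spent continuously at or above the threshold.
    |stateDuration(lambda: "Percent_Processor_Time_Sigma" >= cpu_percentage_alert_threshold)
        .unit(1m)
    // NOTE(review): windowing before alert() makes the alert evaluate 1h batches.
    // A batch alert matches if any point in the batch matches (unless .all() is
    // set), so a single qualifying point may keep the alert critical until it
    // ages out of the window. Confirm this is the intended behaviour.
    |window()
        .period(window_period)
        .every(window_every)
        .align()
    // Debugging aid: logs the data passing through this node.
    |log()
    |alert()
        .details('N/A')
        .crit(lambda: "state_duration" >= crit_state_duration)
        // NOTE(review): `message` is not declared anywhere in this listing;
        // declare it (for example from metric_nm) before the task is defined.
        .message(message)
        .id(idVar)
        .idTag(idTag)
        .levelTag(levelTag)
        .messageField(messageField)
        .durationField(durationField)
        // Endpoint left blank in the original post. Alert payloads carry host and
        // process names, so send them to an HTTPS endpoint you control.
        .post('')
        .stateChangesOnly()
    // Publishes the latest data on the task's HTTP endpoint; make sure the
    // Kapacitor API requires authentication and is not reachable from
    // untrusted networks.
    |httpOut('output')
    |influxDBOut()
        // Creates the output database if it does not exist yet.
        .create()
        .database(outputDB)
        .retentionPolicy(outputRP)
        .measurement(outputMeasurement)
        .tag('alertName', name)
        .tag('triggerType', triggerType)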