Changes between Version 7 and Version 8 of GENIMonitoring/Alerts


Timestamp: 05/12/15 17:35:29 (9 years ago)
Author: cody@uky.edu
Comment: --

  • GENIMonitoring/Alerts

    v7 v8  
    3434}}}
    3535
    36 * There exist a stream of events named ''MyEvent''.
     36 * There exist a stream of events named ''MyEvent''.
    3737
    38 * In the ''MyEvent'' stream there are events that contain a field named: ''somefield''
     38 * In the ''MyEvent'' stream there are events that contain a field named: ''somefield''
    3939
    40 * In a 3 minute window, if ''somefield'' = 10 five or more times, emit data.
     40 * In a 3 minute window, if ''somefield'' = 10 five or more times, emit data.
    4141
    4242Just as traditional relational databases, and their related SQL queries, use specific data type operations based on column data types, data streams processed by Esper are defined by strongly typed object classes.  In the previous EPL query the ''somefield'' field would have to defined as a numeric time in order for mathematical comparison to work.       
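
Review bot: The context paragraph at line 42 says the ''somefield'' field "would have to defined as a numeric time"; since the sentence is about strongly typed fields, this should read "would have to be defined as a numeric type". The bullets at lines 36, 38 and 40 are re-saved with no visible text change, so "There exist a stream" at line 36 could be corrected to "There exists a stream" in the same revision.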
     
    8888
    8989
    90 * If metric ''gpo:is_available'' is set to ''1'' emit ''OK''
     90 * If metric ''gpo:is_available'' is set to ''1'' emit ''OK''
    9191{{{
    9292select urn, metric, ts, value, 'OK' AS alertlevel from LogTick(metric='gpo:is_available') where value = 1
    9393}}}
    9494
    95 * If metric ''gpo:is_available'' is set to ''1'' emit ''CRITICAL''
     95 * If metric ''gpo:is_available'' is set to ''1'' emit ''CRITICAL''
    9696{{{
    9797select urn, metric, ts, value, 'CRITICAL' AS alertlevel from LogTick(metric='gpo:is_available') where value = 0
    9898}}}
    9999
    100 * If a urn with the metric ''gpo:is_available'' is observed once, but not observed again for 60 min emit ''WARNING''
     100 * If a urn with the metric ''gpo:is_available'' is observed once, but not observed again for 60 min emit ''WARNING''
    101101{{{
    102102select a.urn AS urn, a.metric AS metric, a.ts AS ts , 'WARNING' AS alertlevel from pattern [ every a=LogTick(metric='gpo:is_available') -> (timer:interval(60 min)) and not LogTick(urn=a.urn) ] group by a
    103103}}}
    104104
    105 * Ping times greater than 10,000ms
     105 * Ping times greater than 10,000ms
    106106{{{
    107107select * from LogTick(metric='ping_rtt_ms') where value > 10000.0
    108108}}}
    109109
    110 * If a urn is seen and then not seen again for 60min
     110 * If a urn is seen and then not seen again for 60min
    111111{{{
    112112select count(*) from pattern [ every a=LogTick -> (timer:interval(60 min)) and not LogTick(urn=a.urn) ] group by a
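
Review bot: The bullet at line 95 says to emit ''CRITICAL'' when ''gpo:is_available'' "is set to ''1''", but the query at line 97 filters on "where value = 0", and line 90 already maps the value 1 to ''OK''; the bullet should say ''0''. The bullets at lines 90 to 110 are re-saved with no visible text change, so this revision leaves the mismatch in place. Also, in the pattern at line 102 the absence check is "not LogTick(urn=a.urn)" with no metric filter, so as written any metric reported for that urn within the 60 min interval suppresses the ''WARNING''; if the intent is the one stated at line 100, that filter should also carry metric='gpo:is_available'.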
     
    115115== Creating stream queries ==
    116116
     117 1. Login to the GENI Monitoring site: [[http://genimon.uky.edu]]
     118 2. Click on the ''Alerting System'' under the ''GENI Reporting'' tab, as shown in the figure below.
    117119
     120[[Image(http://groups.geni.net/geni/raw-attachment/wiki/GENIMonitoring/Alerts/side_bar.png)]]
    118121
     122 3. On the Alert page click on ''Build New Alert'' on the top right of the screen, shown in the figure below.
     123
     124[[Image(http://groups.geni.net/geni/raw-attachment/wiki/GENIMonitoring/Alerts/alert_page.png)]]
     125
     126 4. You are now in the stream query builder page, shown in the figure below.
     127
     128[[Image(http://groups.geni.net/geni/raw-attachment/wiki/GENIMonitoring/Alerts/build_page.png)]]
     129
     130 5. On the stream query builder page, click on ''Query Node'' under ''Add Alert Node'', shown in the figure below.
     131
     132[[Image(http://groups.geni.net/geni/raw-attachment/wiki/GENIMonitoring/Alerts/add_query.png)]]
     133
     134 6. In the query node fill in the ''Query Name'' and ''Query String'' fields.  The query name field should describe your query and the query string should be a valid EPL query, which uses the ''LogTick'' class.
     135
     136 7. Click on the left edge of your query node and connect your query node to the ''source node''.  The source node is the source of LogTick events, based on raw polling metrics.  An example query is shown in the figure below.
     137
     138[[Image(http://groups.geni.net/geni/raw-attachment/wiki/GENIMonitoring/Alerts/query.png)]]
     139
     140 8. You must now provide a destination for the query output.  On the stream query builder page, click on ''Destination Node'' under ''Add Alert Node'', shown in the figure below.
     141
     142[[Image(http://groups.geni.net/geni/raw-attachment/wiki/GENIMonitoring/Alerts/add_query.png)]]
     143
     144 9. Using the dropdown box on your destination node select your query destination, then connect your destination node to your query node, much how you connected your query node to your source node.
     145
     146 10. Once a source, query and destination have been configured, as shown in the figure below, click on ''Submit Alert'' on the ''Alert Building Tools'' toolbar.
     147
     148[[Image(http://groups.geni.net/geni/raw-attachment/wiki/GENIMonitoring/Alerts/add_dest.png)]]
     149
     150 
    119151== References ==
    120152
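
Review bot: Step 1 at line 117 links the login page as [[http://genimon.uky.edu]], which sends readers to log in over plain HTTP; if the site serves HTTPS, link that URL instead. Step 8 (line 140) illustrates adding a ''Destination Node'' with add_query.png at line 142, the same image already used for the ''Query Node'' at line 132, so check whether a different screenshot was intended there. In step 9 (line 144), "much how you connected" should read "much as you connected".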