Elastalert2 realert every 5 minutes and group the number of hits - elasticsearch

Seeking your advice and help.
Currently my Heartbeat monitors system health every 5 minutes and then saves the data to Elasticsearch. My Elastalert2 then retrieves the data from Elasticsearch.
I have 2 systems being monitored:
Application 1
Application 2
Below are my expectations:
monitor every 5 minutes, and if it hits 6 "down" results, either as a group or 6 hits for an individual application, within the past 30 minutes, trigger an alert
Below is my Elastalert2 code
config.yml
    run_every:
      minutes: 1
    buffer_time:
      minutes: 5
rule.yml
    type: "frequency"
    index: "filebeat-*"
    realert:
      minutes: 5
    num_events: 6
    timeframe:
      minutes: 30
    filter:
      # only "down" results for the two monitored applications
      - term:
          monitor.status.keyword: "down"
      - terms:
          monitor.id.keyword: ["Application-1", "Application-2"]
Let's say the times at which Elastalert2 executed are as below:
5:00
5:05
5:10
5:15
5:20
5:25
5:30
5:35
and let's say the times at which Heartbeat executed are as below:
5:00
5:05
5:10
5:15
5:20
5:25
5:30
5:35
Now what happens is that:
It is counting the number of hits separately, Application-1 as 3 hits and Application-2 as 3 hits, causing it to trigger the alert at 5:10 rather than grouping Application-1 and Application-2 together as 6 hits and triggering the alert at 5:25.
Also, once it triggers the alert, it waits for another 6 events to trigger again. I want it to count from the current time back over the last 30 minutes, do the checking and trigger the alert. For example at 5:25, 5:30 and 5:35, as the system has still been down for the past 30 minutes from the current time.
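To make the two behaviours in the question concrete, here is an added example (written for this page, not code from the post or from the ElastAlert2 project) that models the frequency rule as a sliding-window counter over constructed Heartbeat documents. It uses the rule's real `query_key` option, which makes ElastAlert count hits separately for each value of the key (so `query_key: monitor.id` counts Application-1 and Application-2 independently instead of adding them up), plus a hypothetical `clear_on_match=False` switch that is not an ElastAlert option but shows the "keep alerting while still down" behaviour the post asks for. The monitor names, timestamps and document shape are constructed to match the post's timeline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data (not from the post): Heartbeat writes one "down"
# document per monitor every 5 minutes from 05:00 to 05:35, for both monitors.
TIMES = [datetime(2024, 1, 1, 5, m) for m in range(0, 40, 5)]
HEARTBEAT_DOCS = [
    {"@timestamp": t, "monitor.id": app, "monitor.status": "down"}
    for t in TIMES
    for app in ("Application-1", "Application-2")
]


def frequency_rule(docs, num_events, timeframe_minutes, query_key=None,
                   realert_minutes=0, clear_on_match=True):
    """Model of ElastAlert's frequency rule as a sliding-window counter.

    Documents are processed in timestamp order. Each one is added to the
    window for its key (the value of `query_key`, or one shared key "_all"
    when no query_key is set). Hits whose age reaches `timeframe_minutes`
    fall out of the window. A match is produced when the window holds at
    least `num_events` hits.

    clear_on_match=True mirrors ElastAlert: after a match the window for
    that key is emptied, so another `num_events` hits are needed before it
    can match again. clear_on_match=False is a hypothetical variant (not an
    ElastAlert option) that keeps the window, so a monitor that stays down
    keeps matching and only `realert_minutes` throttles the alerts.

    Returns a list of ("HH:MM", key) for every alert that would be sent.
    """
    timeframe = timedelta(minutes=timeframe_minutes)
    realert = timedelta(minutes=realert_minutes)
    windows = defaultdict(deque)
    silenced_until = {}
    alerts = []
    for doc in sorted(docs, key=lambda d: d["@timestamp"]):
        ts = doc["@timestamp"]
        key = doc[query_key] if query_key else "_all"
        window = windows[key]
        window.append(ts)
        # Drop hits that have aged out of the timeframe.
        while window[-1] - window[0] >= timeframe:
            window.popleft()
        if len(window) < num_events:
            continue
        if clear_on_match:
            window.clear()
        # realert: a repeat match for this key is ignored while it is silenced.
        if key in silenced_until and ts < silenced_until[key]:
            continue
        silenced_until[key] = ts + realert
        alerts.append((ts.strftime("%H:%M"), key))
    return alerts


if __name__ == "__main__":
    # Rule as posted: num_events 6, timeframe 30 min, realert 5 min, no query_key.
    print(frequency_rule(HEARTBEAT_DOCS, 6, 30, realert_minutes=5))
    # Same rule with query_key: monitor.id, so each monitor is counted alone.
    print(frequency_rule(HEARTBEAT_DOCS, 6, 30, query_key="monitor.id",
                         realert_minutes=5))
    # Hypothetical non-clearing variant: keeps alerting every realert while down.
    print(frequency_rule(HEARTBEAT_DOCS, 6, 30, query_key="monitor.id",
                         realert_minutes=5, clear_on_match=False))
```

Run as-is and it prints the three scenarios: the posted rule fires at 05:10 (3 hits from each monitor add up to 6), adding `query_key: monitor.id` fires once per monitor at 05:25, and only the non-clearing variant keeps firing at 05:25, 05:30 and 05:35 while the monitors stay down. The model reads every document directly; the real rule only sees what its `index` pattern returns, so also check that the pattern matches the index Heartbeat actually writes to (heartbeat-* by default).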

Related

In JMeter, I want 50 users (from CSV) to log in every 2 hours for 24 hours; how can I do it? I am new to JMeter

I have a CSV file with, say, 500 users' details (id, pwd).
I want 50 users to log in every 2 hours.
For example, at 8 am 50 users should log in, at 10 am 50, at 12 pm 50 users, and so on.
Please help in detail; I am a complete newbie.
You can try custom thread groups.
You will need to install the JMeter Plugins Manager first.
Add a Stepping Thread Group to your Test Plan.
Just specify the relevant ramp-up period.
Given that you have 500 users and you need 50 users to log in during 1 hour, it means that:
Each hour 25 users will log in
Your test duration will be 20 hours
The ramp-up period would be 20 hours as well
So it would be sufficient to use a "normal" Thread Group configured like:
More information: JMeter Ramp-Up Period: The Ultimate Guide

ElastAlert triggering every 5 minutes for a certain rule even though realert is set at 60 mins

I have an ElastAlert rule with type frequency. If the number of hits is 1000 or more in 60 minutes, it should trigger the alert. The issue is that the moment it reaches 1000 hits, within 5-6 minutes, it triggers the alert instead of waiting for the entire 60-minute period. I want it to alert after the 60-minute period is over. I tried adding a realert of 60 minutes, but it still did not work. What needs to be done to trigger an alert only when the 60-minute period is over?
    type: frequency
    index: logstash-*
    num_events: 1000
    timeframe:
      minutes: 60
    realert:
      minutes: 60
    query_key: site_name
    filter:
      - query:
          query_string:
            query: 'NOT site_name: "CCBDN" AND NOT namespace: master'
    alert: my_alerts.AlertManager
    labels:
      severity: major
      slack: 'true'
      auto_resolve: 'false'
    annotations:
      summary: Kibana is getting logs from sites other than CCBDN.
I found a solution for this. I used aggregation, and the rule started consolidating all occurrences of the alert and triggered once every hour.
    aggregation:
      hours: 1
    realert:
      minutes: 15
realert (time, default: 1 min)
This option worked for me.
From the documentation:
To ignore repeating alerts for a period of time. If the rule uses a query_key, this option will be applied on a per key basis. All matches for a given rule, or for matches with the same query_key, will be ignored for the given time. All matches with a missing query_key will be grouped together using a value of _missing. This is applied to the time the alert is sent, not to the time of the event. It defaults to one minute, which means that if ElastAlert is run over a large time period which triggers many matches, only the first alert will be sent by default. If you want every alert, set realert to 0 minutes. (Optional, time, default 1 minute)
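To show what the `aggregation` option from the answer above does with a rule that keeps matching, here is an added example (written for this page, not code from the answer or from ElastAlert) that models aggregation as batching of matches: the first match opens a pending alert, matches that arrive before its send time are added to it, and the next match after the send time opens a new one. The match times are constructed (one match every 7 minutes for a little over two hours, i.e. a site that keeps crossing num_events), and the model schedules by match time, whereas ElastAlert by default schedules by the time it processes the match unless `aggregate_by_match_time` is set.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the answer): the frequency rule matches
# every 7 minutes from 00:07 to 02:20, 20 matches in total.
MATCH_TIMES = [datetime(2024, 1, 1, 0, 0) + timedelta(minutes=7 * i)
               for i in range(1, 21)]


def aggregate_matches(match_times, aggregation_minutes):
    """Simplified model of ElastAlert's `aggregation` option.

    The first match opens a pending alert whose send time is the match time
    plus `aggregation_minutes`. Later matches that arrive before that send
    time are added to the pending alert instead of alerting on their own.
    Once the send time has passed, the next match opens a new pending alert.

    Returns a list of ("HH:MM" send time, number of matches batched) for
    every alert that would be sent; a still-pending alert at the end of the
    input is flushed as the last entry.
    """
    aggregation = timedelta(minutes=aggregation_minutes)
    sent = []
    pending_send = None   # send time of the open pending alert, if any
    pending_count = 0     # matches batched into it so far
    for ts in sorted(match_times):
        if pending_send is not None and ts >= pending_send:
            # The pending alert went out before this match arrived.
            sent.append((pending_send.strftime("%H:%M"), pending_count))
            pending_send = None
            pending_count = 0
        if pending_send is None:
            pending_send = ts + aggregation
        pending_count += 1
    if pending_send is not None:
        sent.append((pending_send.strftime("%H:%M"), pending_count))
    return sent


if __name__ == "__main__":
    # aggregation: hours: 1, as in the answer, over continuous matches.
    print(aggregate_matches(MATCH_TIMES, 60))
```

With one match every 7 minutes and a one-hour aggregation, the output shows one alert roughly every hour (at 01:07 and 02:10, nine matches each) rather than one alert per match, plus the flushed tail at 03:13; the send times drift because each window starts at its first match, not on the hour.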

DBMS_SCHEDULING Repeat Interval - Half Hourly, 9-5, Mon-Fri

I'm trying to work out whether I can put together a repeat interval to apply to a schedule that runs every half an hour between 9 and 5, Monday to Friday.
I have this so far but am struggling to limit the time to within 9-5:
FREQ=DAILY; BYDAY=MON,TUE,WED,THU,FRI; BYHOUR=9,10,11,12,13,14,15,16,17;BYMINUTE= 30;
If I run this, it will execute correctly during the 9-5 period; however, it will also execute every 30 minutes past every hour before 9 and after 5. I need it to only begin running >= 09:00 and <= 17:00.
I'd say that you're close - replace
BYMINUTE= 30
with
BYMINUTE= 0,30
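As an added check (not from the question or the answer), the following PL/SQL block evaluates the corrected calendar string with DBMS_SCHEDULER.EVALUATE_CALENDAR_STRING and prints the next 20 run times, so the schedule can be verified before it is attached to a job. The start date is assumed to be SYSTIMESTAMP; replace it with the schedule's real start date.

```sql
-- Prints the next 20 run times produced by the calendar string.
-- Run with SERVEROUTPUT ON (e.g. SET SERVEROUTPUT ON in SQL*Plus / SQLcl).
DECLARE
  l_calendar  VARCHAR2(200) :=
    'FREQ=DAILY; BYDAY=MON,TUE,WED,THU,FRI; ' ||
    'BYHOUR=9,10,11,12,13,14,15,16,17; BYMINUTE=0,30';
  l_start     TIMESTAMP WITH TIME ZONE := SYSTIMESTAMP;  -- assumed start date
  l_after     TIMESTAMP WITH TIME ZONE := SYSTIMESTAMP;  -- evaluate from now
  l_next      TIMESTAMP WITH TIME ZONE;
BEGIN
  FOR i IN 1 .. 20 LOOP
    DBMS_SCHEDULER.EVALUATE_CALENDAR_STRING(
      calendar_string   => l_calendar,
      start_date        => l_start,
      return_date_after => l_after,
      next_run_date     => l_next);
    DBMS_OUTPUT.PUT_LINE(TO_CHAR(l_next, 'DY YYYY-MM-DD HH24:MI'));
    -- Continue from the run just found so the loop walks forward.
    l_after := l_next;
  END LOOP;
END;
/
```

The listing also makes one detail visible: because BYMINUTE applies to every hour in BYHOUR, BYHOUR=17 with BYMINUTE=0,30 yields a 17:30 run as well as 17:00. If the last run of the day must be exactly 17:00, leave 17 out of BYHOUR and define the 17:00 run as a separate named schedule combined with this one through the calendar INCLUDE clause.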

Task duration does not represent resource usage

In Microsoft Project 2016, if you:
Set Project Options > Schedule > Hours per day to 10 hours and 50 hours a week.
Create a task with one resource in it and then add 10 hours a day for 10 consecutive days, the task's duration is 8 days and not 10 days!
Change the default calendar, Standard. Change the times for each day from 8 to 12 and 1 to 5 to 8 to 1 and 2 to 7.
Then it will level resources out at 10 hours per day, and 100 hours will be 10 hours for 10 days with a task duration of 10 days.

Drupal7 Views: Grouping by Date Over a Range

I am creating a view of events over time. Some events are one-day events, some stretch over multiple days, and some are repeating events. What I would like to do is create a view that shows all the events for day 1, then for day 2, and so on.
For example:
Event 1 - happens every Monday in May
Event 2 - happens the first full week of May - 5/5-5/11
Event 3 - happens Tuesday May 7th
So the View would show:
Monday, May 6th
- Event 1
- Event 2
Tuesday May 7th
- Event 2
- Event 3
Wednesday May 8th
- Event 2
And so on. Any suggestions on how I can group to create this? Or do I need to alter the file?
Use Drupal Calendar: http://drupal.org/project/calendar
It automatically creates views in days, weeks, months, etc.