kapacitor icon indicating copy to clipboard operation
kapacitor copied to clipboard

Published 20 hours ago verified publisher icon influxdata

{{.ID}} generated with empty values despite of groupBy well formed

Open jjess opened this issue 2 years ago • 0 comments

Hi:

I'm using kapacitor 1.6.5 with an InfluxDB 1.8.10. The TICK script was generated by Chronograf 1.10.0 (latest from docker).

The problem is that {{.ID}} is not well mapped because empty values. When generating a recording and replaying, what I see is:

ts=2022-09-29T09:26:19.919Z lvl=debug msg="alert triggered" service=kapacitor task_master=main task_master=e392cbcd-292c-45cb-b9bf-2405b3acd3cb task=chronograf-v1-40ce5d94-1dad-4a6c-87a8-a5e6b363414e node=alert8 level=CRITICAL id=FAILOVER_detect-device=,kpi=,rg= event_message="[OPENNTI] 2022-09-28 11:37:00 +0000 UTC FAILOVER Fields: map[current.device:SECURGW103-1_MAQUETA current.kpi:chassis.cluster.redundancy-group.redundancy-group-failover-count current.product-model:srx5800 current.rg:2 current.value:5 current.version:20191115.14c2ad5_builder_stable_11 past.device:SECURGW103-1_MAQUETA past.kpi:chassis.cluster.redundancy-group.redundancy-group-failover-count past.product-model:srx5800 past.rg:2 past.value:4 past.version:20191115.14c2ad5_builder_stable_11 value:1] Tags: map[device: kpi: rg:]" data="&{chassis.cluster.redundancy-group.redundancy-group-failover-count map[device: kpi: rg:] [time current.device current.kpi current.product-model current.rg current.value current.version past.device past.kpi past.product-model past.rg past.value past.version value] [[2022-09-28 11:37:00 +0000 UTC SECURGW103-1_MAQUETA chassis.cluster.redundancy-group.redundancy-group-failover-count srx5800 2 5 20191115.14c2ad5_builder_stable_11 SECURGW103-1_MAQUETA chassis.cluster.redundancy-group.redundancy-group-failover-count srx5800 2 4 20191115.14c2ad5_builder_stable_11 1]]}"

As you can see, id has the following value:

id=FAILOVER_detect-device=,kpi=,rg=

But the detection works fine.

{{.ID}} is build in the Chronograf way:

var groupBy = ['device', 'kpi', 'rg']
var idVar = name + '-{{.Group}}'

var trigger = past
    |join(current)
        .as('past', 'current')
    |eval(lambda: float("current.value" - "past.value"))
        .as('value')
        .keep()
    |alert()
        .crit(lambda: "value" != crit)
        .message(message)
        .id(idVar)
        .idTag(idTag)
        .levelTag(levelTag)
        .messageField(messageField)
        .durationField(durationField)
        .noRecoveries()
        .stateChangesOnly()
        .log('/var/log/kapacitor/FAILOVER_detect.log')
        .alerta()
        .resource('FAILOVER')
        .event('{{.ID}}')
        .environment('Production')
        .group('tim')
        .origin('kapacitor_bentejui')
        .services('OPENNTI')
        .correlated()

Any idea why this behaviour?

The recording was generated with this query:

SELECT * FROM "juniper"."four_weeks"."chassis.cluster.redundancy-group.redundancy-group-failover-count" WHERE "device" =~ /SECURGW103/   AND time > now() - 72h

If I put a GROUP BY clausule and print all the fields in the query (SELECT "device", "kpi", "rg", last(value) FROM ... GROUP BY "device,"kpi","rg" ... ) the detection fails.

Thanks in advance

Jes

jjess avatar Sep 29 '22 09:09 jjess