InfluxDB Cloud: Threshold Check based on a String value - influxdb

I might be a bit of a newbie with InfluxDB Cloud, but I can't find (or look correctly for) a hint for my issue.
My dataset is made of one field "status" which can be "connected" or "disconnected" (value as a string).
I want to set a check on this field:
OK if status="connected"
WARN if status="disconnected" for less than 1 minute
CRIT if status="disconnected" for more than 1 minute
Note that I know how to set a check for a numeric value, and that I want to avoid changing my data source (it is not in my hands to have status=0 or 1).

Related

Store machine status on Graphite time-series to later extract KPIs

Having a machine which sends (not regularly) its status values 0, 1, 2, we're storing it in Graphite. Now the status means:
0 - stopped
1 - working
2 - stopped by anomaly
The requested KPIs to extract are the classical ones: how much time on status 0 or 1 or 2 in a day or a week? Before reinventing the wheel, we're looking at the best way to compute those KPIs and whether in Graphite (or possibly another time-series solution) there are already functions which deal with summing the time where the data point value is just a condition. Clearly the time intervals to sum are not stored; it's the time elapsed between a data point and the next one.
Or should the data be pre-processed to compute the time intervals and then store three data sets like: status.working, status.stopped, status.alarm and for each store when the specific "event" started and how long it lasted?
There are other KPIs, for example the number of alarms in a day. Receiving two status data points in a row both indicating status "2" is actually a single alarm condition and must count as 1.
So, is there a best way to store such data without pre-processing it? It sounds to be a common pattern but (shame on us?) we have not found this topic well explored.
Thanks.
Graphite has a number of functions that could help you here. One that stands out is the summarize() function, to which you can pass an aggregation method (in this case sum) and a duration (in minutes/hours/days/weeks/etc.); take a look here
isNonNull is another useful function: it can be used to determine the existence of a datapoint regardless of the value.
When you say that the machine reports a value 0 to indicate it has stopped - does it actually send that value or does it report nothing? This is an important detail and will have some bearing on the end result of your solution.
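The interval arithmetic the question describes (a status lasts until the next data point, and consecutive status 2 points are one alarm), as an added example that is not part of the original posts and does not use Graphite's own functions. The function name, the UTC day boundaries and the sample points are assumptions made for the illustration.

```python
from collections import defaultdict

DAY = 86400  # seconds; days are cut at midnight UTC (assumption)

def status_kpis(points, window_end):
    """points: (epoch_seconds, status) tuples sorted by time, sent irregularly.
    Returns ({day_start: {status: seconds}}, {day_start: alarm_count})."""
    per_day = defaultdict(lambda: defaultdict(int))
    alarms = defaultdict(int)
    prev = None
    for i, (ts, status) in enumerate(points):
        # A status lasts until the next data point (or the end of the window).
        end = points[i + 1][0] if i + 1 < len(points) else window_end
        t = ts
        while t < end:
            # Split an interval that crosses midnight between the two days.
            day = t - t % DAY
            chunk_end = min(end, day + DAY)
            per_day[day][status] += chunk_end - t
            t = chunk_end
        # Repeated 2s are one alarm: count only the transition into status 2.
        if status == 2 and prev != 2:
            alarms[ts - ts % DAY] += 1
        prev = status
    return {d: dict(v) for d, v in per_day.items()}, dict(alarms)

# Constructed sample: day 0 starts at epoch 0; 0=stopped, 1=working, 2=anomaly.
POINTS = [(0, 1), (3600, 2), (4000, 2), (7200, 0),
          (80000, 1), (90000, 2), (90600, 1)]

if __name__ == "__main__":
    durations, alarm_counts = status_kpis(POINTS, window_end=2 * DAY)
    for day in sorted(durations):
        print(day, durations[day], "alarms:", alarm_counts.get(day, 0))
```

If the machine reports nothing while stopped, as the answer asks, the gap is attributed to the last status seen, so the result depends on that detail.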

Grafana: Panel with time of last result

I have an elasticsearch instance that receives logs from multiple backup routines. I'd like to query ES for these logs from Grafana and set up a panel that shows the last time for the different backups. Ideally I would also like to be able to show this in color if the time is longer than a certain threshold.
Basically the idea is to have a display that shows, for instance, green if a certain backup has been completed in the last 24 hours, and red if it hasn't.
How would I do this in Grafana with ES as the datasource?
Exact implementation depends on the used panel.
Example for singlestat: write an ES query and then select Stat: Time of last point; you may need to select a suitable unit/format:
Unfortunately, Grafana doesn't understand thresholds in your requested time format (older than 24 hours). You will need to return it as a metric (for example as the age of the last backup in seconds) = you will need to write a query for that. That means that you will have 2 stats to show (last time + age), so you won't be able to use singlestat. Probably a table panel will be better - you can use thresholding based on the age metric there.
In addition to the great answer by Jan Garaj, it looks like there is work being done to make this type of thing much easier in the future.
Check out this issue to check progress.

In InfluxDB/Telegraf How to compute difference between 2 fields based on 3rd field

I have the current use case:
We have a system that computes different response time metrics for messages that we want to insert in InfluxDB. This system writes JSON entries to a file.
We use telegraf with JSON plugin to extract the fields we want and insert into InfluxDB.
So far so good.
But we have an issue with 1 particular information.
The system will emit messages where mId is the Unique identifier, in the below examples we have 2 uuidXXXX and uuidYYYY:
{"meta1":"value", "mId":"uuidXXXX", "resTime1":1232332233, "timeWeEnterBus":startTimestamp}
{"meta1":"value2", "mId":"uuidYYYY", "resTime1":1232331111, "timeWeEnterBus":startTimestamp}
{"meta1":"value", "mId":"uuidXXXX", "resTime1":1232332233, "timeWeExitBus":endTimestamp}
{"meta1":"value2", "mId":"uuidYYYY", "resTime1":1232331111, "timeWeEnterBus":startTimestamp}
And what we want here is to graph the timeInBus which is equal to “timeWeExitBus-timeWeEnterBus” for each unique mId.
So my questions are:
IMU, uuid would be a field, not a tag, as it is unlimited; the same goes for timeWeExitBus and timeWeEnterBus, which would be numeric fields since we want to use functions on them. And timeInBus would be the measurement. Am I right?
Is this use case a good one for Influx / Telegraf or are we misusing it for this? IMU, it doesn't look like a good use case to try to compute this on the Telegraf side, but I don't see how to do it in InfluxDB. I initially thought the ELAPSED function could help, but I ended up thinking it doesn't work here.
If it's a good use case, could you point me to documentation that helps with implementing this?

zabbix monitor disk on Windows

Now, I get the value from Zabbix Server. The values include IOPS, IO Response Time, and so on. But I want to monitor whether the value is in the allowed range. How do I do it?
demo:
items [A]
name Avg Disk sec/Read Response Time
key perf_counter[\234(_Total)\208]
Now new items [B] monitor items[A]'s Value: if Value < 12 ms, items[B]'s Value is Good, else items[B]'s Value is bad.
In a word, I only want to monitor whether the disk IO response time is healthy or not.
update:
items[A] : monitor windows disk
items[B] : another item, used to monitor items[A]'s Value
I want to show IO health in charts, instead of setting the trigger.
I didn't quite get what's item "[B]", but in general, thresholds (or more complicated problem conditions) in Zabbix are specified using triggers.
For example, in your case the trigger expression could be {host:perf_counter[\234(_Total)\208].last()}>12. That is assuming your item holds data in ms. If other units are used, adjust the threshold accordingly.
This example uses the most simple trigger function, last(). See the trigger function list in the Zabbix manual for an idea of other, more fancy trigger expressions you could construct.

What is the increment value used in Identification field of ip_Header?

I opened a telnet session and Wireshark and observed the connection.
What I know is that the normal increment of the IP ident field is "1" (in case of no fragmentation), but if fragmentation happens the identification field will remain the same over all fragments.
But as I saw, it is not 1; it is a randomly changing value.
So what is the algorithm for incrementing the ident field?
Another question: if the DF flag is set, do we look at the ident field or do we just ignore it?
This is very implementation-dependent--in fact the differences are exploited to do OS fingerprinting. For example, some Windows systems increment ID, but send the field in host-byte order rather than network-byte order.
It doesn't really matter and doesn't cause problems since ID is only used for fragmentation. So as you suggest, if DF is set, you can probably ignore ID, though I would sanity check that frag offset is 0 and total length matches the amount of data received.
My guess would be that it's pseudorandom, in order to make it harder for an attacker to guess the sequence and spoof the packets. What operating system is generating the funky identification values?
I found that the increment value depends on the time between packets. In telnet: if you send frequent fast chars, the ID will be incremented by one; if you send chars at slow speed, you will notice the difference. I didn't figure out the real relation, but it is related to time.
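The checks mentioned in the answers above, as an added example that is not part of the original posts: it reads the ID, DF, fragment offset and total length from an IPv4 header, applies the DF sanity check, and labels a captured ID sequence as incrementing, incrementing but byte-swapped (the host-byte-order case), or non-sequential. The function names, the `max_step` tolerance and the sample datagrams are assumptions constructed for the illustration.

```python
import struct

def parse_ipv4(pkt: bytes) -> dict:
    """Extract the header fields the answers discuss from one IPv4 datagram
    (link-layer header and padding already stripped)."""
    if len(pkt) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_frag = struct.unpack("!BBHHH", pkt[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    return {"id": ident, "total_len": total_len, "received": len(pkt),
            "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
            "frag_off": (flags_frag & 0x1FFF) * 8}

def df_sanity(h: dict) -> list:
    """With DF set the ID carries no meaning, so check what the answer suggests:
    no fragment fields in use and total length equal to the bytes received."""
    problems = []
    if h["df"] and (h["mf"] or h["frag_off"]):
        problems.append("DF set but fragment fields in use")
    if h["total_len"] != h["received"]:
        problems.append("total length differs from bytes received")
    return problems

def swap16(x: int) -> int:
    return ((x & 0xFF) << 8) | (x >> 8)

def classify_ids(ids: list, max_step: int = 16) -> str:
    """Label the ID sequence of one sender; max_step is an assumed tolerance
    for packets the capture did not see."""
    def counts_up(seq):
        return all(0 < ((b - a) & 0xFFFF) <= max_step for a, b in zip(seq, seq[1:]))
    if len(ids) < 3:
        return "too few packets"
    if counts_up(ids):
        return "incrementing"
    if counts_up([swap16(i) for i in ids]):
        return "incrementing, byte-swapped"
    return "non-sequential"

def build(ident: int, flags_frag: int = 0x4000, payload: bytes = b"x") -> bytes:
    """Constructed test datagram (192.0.2.0/24 addresses, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_frag, 64, 6, 0, bytes([192, 0, 2, 1]),
                       bytes([192, 0, 2, 2])) + payload

if __name__ == "__main__":
    for ids in ([100, 101, 102, 104], [0x0001, 0x0101, 0x0201], [0x3A7C, 0x91F2, 0x0B15]):
        print([hex(i) for i in ids], "->", classify_ids(ids))
    print(df_sanity(parse_ipv4(build(7, flags_frag=0x4005))))
```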
