Alerts - group by host/server

Plugins Alerting
1

I posted a topic thinking i should be looking to accomplish this task using under Action using Mustache templates See Topic mustache-template-aggregate-group-by

I was probably wrong.
I tried a different approach i created a monitor which will bring aggregated data and then i can use aggregator.bucket to access host and other fields.

Suppose i have the following response:

  "timed_out": false,
    "aggregations": {
        "group_by_host": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
                {
                    "doc_count": 147,
                    "key": "my_host1"
                }
            ]
        },
        "event_count": {
            "value": 147
        }
    }
}

Then in the message i can use:

{{#ctx.results.0.aggregations.group_by_host.buckets}}
Following host needs investigation:
Hostname: {{key}}, Count: {{doc_count}}

{{/ctx.results.0.aggregations.group_by_host.buckets}}

Output:
Hostname: my_host1, Count: 147

Please let me know if anyone needs any help.
Also if anyone has tried this differently or if there is a better approach, please share information over here.

Thanks

2

I need too a simple way to receive multiple alerts if multiple hosts trigger the same threshold

3

Hello,
Is there any way to pass the trigger conditions variables to message in Actions?
I have a requirements where I store a list of items for which trigger has occurred from bucket.
I want them as part of messages.

Thanks.

4

Hi @bbKhamar,

Do you mean passing in the literal script condition definition in the message? Like trigger.condition?

5

Did you find a solution?