-
Unknown Alert management
Hello,
I’m currently managing a module in a cloudwatch agent. This module gets the value of the server every 5 minutes from Cloudwatch – as a “live metric”. I’ve set the interval to 5 minutes, but sometimes, I’ve got the value few seconds later (5 min 5 sec by example).
In this case, at 5 minutes, I’ve got an unknown alert raised, and solved 5 secondes later.
How I can I filter this “false” alarm ? (for Warning and Critical, I can use the FF times)
Here is the configuration, and my issue (the gray zone) in the grpahic.
Thanks for help
Christophe
-
5 Replies
-
Hi Christophe,
All modules report to the server either through XML of software agents or simple data (remote checks, server plugins, etc…), this information is sent to the server according to the interval defined in the agent (5 minutes), sometimes it’s normal that it takes a few seconds more.
An unknown status represents that the Pandora FMS server has not been able to process any XML or receive information from the module during 2 intervals (it could be problems in the processing/sending of the XML of the agent or that the remote check could not be done).
check could not be done), that is to say, from 10 minutes the agent has shown an unknown status. If you have been changing the interval, it is possible that the status has been presented much earlier.
The modules don’t have a configuration for an unknown status, because the modules of an agent can’t send an unknown status.
The only way to control an unknown status is through alerts.
For example, you can create an alert template for the unknown state.
Best regards,
Víc.
-
Hello,
Yes, I’ve done an alert when changing to unknow statut. But it always raised for “few seconds” and solved nearly immediately.
How can I launch the alert only if the unknown status stays at least during 2 or 3 times (so in my case : 10 minutes to raised the unknown status, and only raised the alert after 10 minutes more if still in unknown status)
Here is my configuration of my alert.
Thanks for help
Christophe
-
Hi Christophe,
You can increase the “Min number of alerts” in the template configuration to avoid false positives.
Here is the description of the parameter.
Min number of alerts
The minimum number of times the terms set on the template have to be met (counting from the number defined in the module’s FlipFlop parameter) so that an alert is triggered. The default value is ‘0’, which means the alert will be triggered when the first value that meets the terms is received. It is intended to work as a filter, which might be useful to ignore false positives.
Best regards,
Víc.
-
