[Alerting]: Add example to rate aggregations page #3734

Open
dedemorton opened this issue Apr 8, 2024 · 6 comments

Comments

@dedemorton
Contributor

dedemorton commented Apr 8, 2024

Description

We decided to pull the example from #3676 because it needed more context.

Here's the content that we pulled. (I did not delete the image in case we want to use it when we develop the example.) We may choose to use a different example, just adding the content here in case we want to use it as a starting point.

[discrete]
[[network-rate-example]]
== Network rate example

The rule definition in this example creates an alert if the rate of bytes received by a host on all network interfaces exceeds 10 bit/s:

[role="screenshot"]
image::images/alerts-rate-aggregation.png[Rule configuration that shows Aggregation A set to RATE host.network.ingress.bytes with a threshold of IS ABOVE 10 FOR THE LAST 1 minute]

Resources

Related PR: #3676

Which documentation set does this change impact?

Stateful and Serverless

Feature differences

n/a

What release is this request related to?

N/A

Collaboration model

The documentation team

Point of contact.

Main contact: @maryam-saeidi

Stakeholders:

@maryam-saeidi
Member

@simianhacker Do you happen to know a good example of a rule using rate aggregation for network fields, such as host.network.egress.bytes? Maybe you are aware of a ticket that originally proposed adding this aggregation.

@simianhacker
Member

@maryam-saeidi I think that field is now a "gauge"; the old field we used to use was system.network.out.bytes, which was a counter from the Metricbeat system module.

@maryam-saeidi
Member

@jasonrhodes Are you aware of any real-world scenario that we can use as a reference for our rate documentation related to network fields?

@jasonrhodes
Member

@maryam-saeidi not off the top of my head. Maybe we can check with @felixbarny re: which common fields are counters and try to grab something from that?

@felixbarny
Member

system.network.in.bytes would be a good example.

@felixbarny
Member

The docs of the system integration also provide a good overview of the different metrics and corresponding metric types: https://docs.elastic.co/en/integrations/system#metrics-reference.


5 participants