Grafana alert with multiple "stages"

vrudolph · August 17, 2023, 12:47pm

I want to create an alert on a multicondition case.
value >= 0.8 alert with lable severity=medium
value >= 0.95 alert with lable severity=high
value >= 0.99 alert with lable severity=urgent

if the condition of a higer severity is fulfilled, the lower alert can be quite. (I do not say silent, because it is a special word)

my only solution is to setup following alert rules:

>=0.8 && <0.95
>=0.95 && <0.99
>=0.99

on the downside: with every change there would be a resolve-notification as well.

Is there a more elegant way to do that?

clevernessisamyth · August 17, 2023, 1:34pm

Hello,

Can you show us your query? Is “severity” a label that is generated by the query?

vrudolph · August 18, 2023, 7:47am

My query gives me just the values and I set a Threshold on it. The ‘severity’ is a label I set on the alert to react on it in policies. I want to use different contactpoints.

The query:

sum(kubelet_volume_stats_used_bytes) by (persistentvolumeclaim, namespace) 
/
sum (
 sum(kube_persistentvolumeclaim_info) by (persistentvolumeclaim, namespace, storageclass)
 * on (persistentvolumeclaim, namespace) group_right(storageclass)
 sum(kubelet_volume_stats_capacity_bytes) by (persistentvolumeclaim, namespace)
) by (namespace,persistentvolumeclaim)

clevernessisamyth · August 18, 2023, 8:38am

You can use the label_replace function to create the label based on the condition you want.

In this example, I create a new query for every condtion, and wrap the metric in the label_replace:

label_replace(v instant-vector, dst_label string, replacement string, src_label string, regex string)
v: your query
dst_label: the label name
replacement: the label value
set src_label and regex to empty strings as you don't want to modify existing labels.

I’m not sure if you set different notification policies with each label and value linked to a contact point will capture the label generated in the alert without specifying it in the “Notifications” section.

Try it, if it doesn’t work then you should create 3 alerts each linked to a notification policy based on the label value.

vrudolph · August 18, 2023, 11:14am

@clevernessisamyth thank you for that input! That works so far as you can see here

It is nice to use the metrics intuitivly and get some successes

Currently I have three queries and they are responding some data.
How have you combined them to create alerts from them. I can just set one of these config blocks as ‘alert condition’. Also in my current configuration I get ‘No data’ for the rule. But two of the queries are responding data.

grant2 · August 18, 2023, 11:27am

This thread may also help.

clevernessisamyth · August 18, 2023, 11:40am

Wow, I didn’t know it was possible to use go template expressions in the notifications section.

vrudolph · August 21, 2023, 1:01pm

@grant2, thank you. That was helpfull.

Now I got alerts with dynamic severity label. It reacts on the value of a calculation.

You If I configure a label more than one time, just one of these lables are saved to the final configuration. I do that via GUI.
If I try to do it in the yaml, I get the hint from my IDE, that it in no valid yaml.

          labels:
            ressource: storage
            severity: '{{if gt $values.B.Value 80.0 }}warning{{else}}none{{end}}'
            severity: '{{if gt $values.B.Value 90.0 }}high{{else}}none{{end}}'
            severity: '{{if gt $values.B.Value 95.0 }}critical{{else}}none{{end}}'

As you´ve shown here, you setup a multi condition case. How have you done that?

clevernessisamyth · August 21, 2023, 2:17pm

Hello,

In YAML, each key should be unique within a mapping. Try this:

labels:
  ressource: storage
  severity: '{{if gt $values.B.Value 95.0 }}critical{{else if gt $values.B.Value 90.0 }}high{{else if gt $values.B.Value 80.0 }}warning{{else}}none{{end}}'