- Goal 1: Alerts if there is any logs with
level="ERROR"
- Goal 2: Show top 3 errored endpoints in alert message summary with their counts
(in the picture I set level="INFO" just to show how my query result looks like)
Goal 1 is achieved easily as in the pic.
I’d like to know how can I achieve Goal 2.
My attempt is this but it doesn’t work
Top 3 Errored Endpoints are :
{{ range $values.A }}
Path: {{ .Labels.scope_RequestPath }} | Count: {{ .Value }}
{{ end }}
Could anyone give me detailed instructions?
I don’t think that’s possible because that’s not how alert works.
Consider alert condition:
top(3, sum by (path) (query) > 0
And the query itself produces the following metrics:
{path="path1"} 100
{path="path2"} 200
{path="path3"} 300
Each metric seriers is evaluated against the threshold (in this case, > 0), which means you’ll get three alerts instead of one, and that’s just how it works.
I think what you have would be sufficient. You’ll just get three alerts instead of one. Just make sure the alert text is clear (this is one of the top3, for example), and put the path label in the alert message.
