Hi,
I’m trying to set up a time threshold in a Grafana alert.
Some info:
- elastic datasource
- Metricbeat logs, system.process module
system.process brings this field: system.process.cpu.start_time. My goal is to send an alert when the process is restarted (unplanned restart), so actually when system.process.cpu.start_time - now() is less than 4 hours, for example.
This is how I do it right now:
Lucene query:
process.name: turbine AND system.process.cpu.start_time:[now-4h/h TO now/h]
The query is empty if there aren’t any processes started in the last 4h, but this has a side effect:
When a process restarts I get a FIRING, but then, after 4 hours, I get No Data…
Is there a way to use system.process.cpu.start_time and “now” and do some math?
Hope it sounds clear.
BR
Francesco