Create a metrics threshold alertedit

Based on the metrics that are listed on the Metrics Explorer page within the Metrics app, you can create a threshold alert to notify you when a metric has reached or exceeded a value for a specific time period.

Additionally, each alert can be defined using multiple conditions that combine metrics and thresholds to create precise notifications.

  1. To access this page, go to Observability > Metrics.
  2. On the Inventory page or the Metrics Explorer page, click Alerts > Metrics.
  3. Select Create threshold alert.

When you select Create threshold alert, the alert is automatically populated with the same parameters you’ve configured on the Metrics Explorer page. If you’ve chosen a graph per value, your alert is pre-configured to monitor and notify about each individual graph displayed on the page.

You can also create an alert based on a single graph. On the Metrics Explorer page, click Actions > Create alert. The condition and filter sections of the threshold alert are automatically populated.

Metric conditionsedit

Conditions for each alert can be applied to specific metrics that you select. You can select the aggregation type, the metric, and by including a warning threshold value, you can be alerted on multiple threshold values based on severity scores. To help you determine which thresholds are meaningful to you, the preview charts provide a visualization.

In this example, the conditions state that you will receive a critical alert for any any hosts that have a CPU usage of 120% or above and a warning alert if CPU usage is 100% or above. You will also receive a critical alert if memory usage is 20% or above.

Inventory alert

When you select Alert me if there’s no data, the alert is triggered if the metrics don’t report any data over the expected time period, or if the alert fails to query Elasticsearch.

The Filters control the scope of the alert, and the Create alert per creates an instance of the alert for every unique value of the field added. For example, create an alert per host, or per every mount point of each host. You can also add multiple fields.

Before creating an alert, you can preview whether the alert would have been triggered in the last hour, day, week, or month.

Preview metric alert

Action typesedit

You can extend your alerts by connecting them to actions that use the following supported built-in integrations.

Action types

When configuring an action type, you can define precisely when the alert is triggered by selecting a specific threshold condition: Alert, Warning, or Recovered (a value that was once above a threshold has now dropped below it).

Configure when an alert is triggered

Action variablesedit

This section details the variables that metrics threshold alerts will send to your actions.

Basic variablesedit
The default metrics threshold alert message detailing basic variables

The default message for a metrics threshold alert displays the basic variables you can use.

  • context.group: This variable resolves to the group that the alert’s condition detected. For Inventory alerts, this is the name of a monitored host, pod, container, etc. For metric threshold alerts, this is the value of the field specified in the Create alert per field or * if the alert is configured to aggregate your entire infrastructure.
  • context.alertState: Depending on why the action is triggered, this variable resolves to ALERT, NO DATA, or ERROR. ALERT means the alert’s condition is detected, NO DATA means that no data was returned for the time period that the alert queried, and ERROR indicates an error when querying the data.
  • context.reason: This variable describes why the alert is in its current state. For each of the alert’s conditions, it includes the detected value of the monitored metric, and a description of the threshold.
  • context.timestamp: This variable resolves to the timestamp of when the alert was evaluated.
Advanced variablesedit
The default metrics threshold alert message detailing advanced variables

Instead of using context.reason to provide all the information you need, there may be cases when you’d like to customize your action message. Metrics threshold alerts provide advanced context variables that have a tree structure.

These variables must use the structure of {{context.[Variable Name].condition[Number]}}. For example, {{context.value.condition0}}, {{context.value.condition1}}, and so on. This is required even if your alert has only one condition (accessible with .condition0). Using just {{context.[Variable Name]}} evaluates to a blank line or [object Object] depending on the action type.

  • context.value.condition[X]: This variable resolves to the detected value of conditions 0, 1, 2, and so on.
  • context.value.threshold[X]: This variable resolves to the threshold values of conditions 0, 1, 2, and so on.
  • context.value.metric[X]: This variable resolves to the monitored metric of conditions 0, 1, 2, and so on.

Settingsedit

With metrics threshold alerts, it’s not possible to set an explicit index pattern as part of the configuration. The index pattern is instead inferred from Metrics indices on the Settings page of the Metrics app.

With each execution of the alert check, the Metrics indices setting is checked, but it is not stored when the alert is created.

The Timestamp field that is set under Settings determines which field is used for timestamps in queries.