Baseline and Alerting in Sysdig Monitor
One of the most important features of Sysdig Monitor is the alerting and notification facility. You can create manual alerts tailored to your infrastructure’s specific needs, or let Sysdig Monitor automatically build performance and capacity baselines and notify you, through a variety of channels, of significant out-of-range events. ‘Host comparison’ alerts are also available for one-to-many comparisons between an individual host and the group it belongs to.
The Alerting tab displays notifications generated by any configured alerts that have recently triggered, or ‘fired’. Notifications are itemized in the Notifications table, with summary fields showing the severity, the time the alert fired, the scope of entities involved, the alert parameters, and the value that caused the alert to fire. Click any listed item to open a historical strip chart below the table showing the metric over time, including the point at which it crossed the threshold (red dotted line). Mouse over the chart to see a pop-up with the metric’s exact value at any point. Click and drag over any portion of the graph to zoom in, then click the ‘Show all’ button to zoom back out.
The notification strip chart has an “Explore Notification” button that takes you back to the Explore tab with the relevant host and metric views displayed for the period during which the alert fired. From there you can use the time travel bar to play time forwards across your entire infrastructure while investigating any instance, group, or metric around the notification period.
You can add an alert to any host or group of hosts from either the Explore tab or the Alerting tab > Configure Alerts menu by clicking on 'ADD ALERT'.
From the Explore tab, on any Hosts view, find the individual host or group you wish to monitor and click the bell icon next to the hostname. An unshaded bell indicates that no alerts are configured, and you will be prompted to create one in a New Alert pop-up. A shaded bell indicates that alerts have already been configured; clicking it takes you to the Configure Alerts screen in the Alerting tab, where you can edit the existing alert, add more alerts, or disable or delete any alert. Alternatively, select a host or group and click the ‘Configure Alerts’ or ‘Add Alert’ button that appears at the bottom right of the Hosts view.
(1) Select Alert Type
Select the type of alert you want to be notified of. An explanation of each alert type is shown on the right side of the pop-up modal.
(2) Configure the Alert
Configuration differs slightly by alert type. In every case, scope conditions need to be understood well in order to create an alert that covers exactly the entities you intend, no more and no fewer. The available scope operators are:
| Operator | Meaning |
|---|---|
| is | Exactly the value that you enter |
| is not | Anything other than exactly the value that you enter |
| in | Among the values that you enter, separated by commas |
| not in | Not among the values that you enter, separated by commas |
| contains | The value that you enter appears within the entity’s value |
| does not contain | The value that you enter does not appear within the entity’s value |
| starts with | Begins with the value that you enter |
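The scope operators above are easy to get subtly wrong: a ‘starts with prod’ scope also selects a host named ‘prodtest-01’, and a missing or overly broad scope fires the alert on entities you never intended to monitor. The following Python evaluator is an added illustration, not Sysdig Monitor’s own code, that models the seven operators against a constructed host inventory so you can dry-run a scope before saving the alert. It assumes that multiple conditions are ANDed, that ‘contains’ is a plain substring match, and that an entity lacking the scoped label is excluded regardless of operator; the label names other than host.hostName (which the page itself mentions) are assumptions.

```python
"""Dry-run evaluator for Sysdig-style alert scope conditions.

Added example, not Sysdig Monitor's code. Models the seven scope
operators from the table above so a scope can be checked against a
host inventory before an alert is created.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Operator names exactly as the scope table lists them.
OPERATORS = ("is", "is not", "in", "not in",
             "contains", "does not contain", "starts with")


def _split_list(value: str) -> List[str]:
    """'a, b ,c' -> ['a', 'b', 'c']; used by the 'in' / 'not in' operators."""
    return [v.strip() for v in value.split(",") if v.strip()]


@dataclass(frozen=True)
class ScopeCondition:
    key: str        # label name, e.g. "host.hostName"
    operator: str   # one of OPERATORS
    value: str      # user-entered value; comma-separated for "in" / "not in"

    def matches(self, labels: Dict[str, str]) -> bool:
        actual = labels.get(self.key)
        if actual is None:
            # Assumption: an entity without the scoped label never matches,
            # whichever operator is used (the conservative choice for a scope).
            return False
        if self.operator == "is":
            return actual == self.value
        if self.operator == "is not":
            return actual != self.value
        if self.operator == "in":
            return actual in _split_list(self.value)
        if self.operator == "not in":
            return actual not in _split_list(self.value)
        if self.operator == "contains":          # assumed: substring match
            return self.value in actual
        if self.operator == "does not contain":  # assumed: substring match
            return self.value not in actual
        if self.operator == "starts with":
            return actual.startswith(self.value)
        raise ValueError(f"unknown scope operator: {self.operator!r}")


def select_hosts(conditions: Iterable[ScopeCondition],
                 inventory: Dict[str, Dict[str, str]]) -> List[str]:
    """Hostnames whose labels satisfy every condition (conditions are ANDed, an assumption)."""
    conditions = list(conditions)
    return sorted(host for host, labels in inventory.items()
                  if all(c.matches(labels) for c in conditions))


# Constructed sample inventory (not real data): hostname -> labels.
# "agent.tag.env" and "agent.tag.role" are assumed label names.
INVENTORY = {
    "prod-web-01": {"host.hostName": "prod-web-01", "agent.tag.env": "prod", "agent.tag.role": "web"},
    "prod-web-02": {"host.hostName": "prod-web-02", "agent.tag.env": "prod", "agent.tag.role": "web"},
    "prod-db-01":  {"host.hostName": "prod-db-01",  "agent.tag.env": "prod", "agent.tag.role": "db"},
    "prodtest-01": {"host.hostName": "prodtest-01", "agent.tag.env": "staging", "agent.tag.role": "web"},
    "dev-box":     {"host.hostName": "dev-box",     "agent.tag.env": "dev"},
}


def demo():
    """Compare a name-prefix scope with a tag-based scope on the sample inventory."""
    broad = [ScopeCondition("host.hostName", "starts with", "prod")]
    precise = [ScopeCondition("agent.tag.env", "is", "prod"),
               ScopeCondition("agent.tag.role", "in", "web, db")]
    return select_hosts(broad, INVENTORY), select_hosts(precise, INVENTORY)


if __name__ == "__main__":
    broad_hosts, precise_hosts = demo()
    print("starts with 'prod' :", broad_hosts)    # includes the staging host prodtest-01
    print("env is prod AND role in web,db:", precise_hosts)
```

Running the script shows the name-prefix scope pulling in the staging host while the tag-based scope does not; the same technique applies to any scope you are about to attach to a production alert.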
Setting up each alert type is explained below with images.
(a) Uptime Alert
Alerts you based on the uptime of a host or a container.
(b) Metric Alert
Alerts you based on metric values.
(c) Event Alert (Beta)
Alerts you based on the occurrence of an event.
Alerts can be configured for any event type, as shown below:
(d) Anomaly Detection (Beta)
Identifies anomalies in your system based on its historical behaviour and alerts you when metrics deviate from it.
(e) Group Outlier (Beta)
Notifies you when one host behaves differently from the rest of its group, the ‘odd one out’.
TIP: The easiest way to create an alert is to choose your node or group from the Explore tab’s Hosts views and then click the Add Alert button. The filter section of the alert will be filled in automatically with the appropriate filter and value.
NOTE: The alerting facility monitors only metrics reported by the Sysdig agent. An agent must be installed on each host to be monitored; alerts cannot currently be created for metrics provided by a cloud provider integration (for example, CloudWatch).
Whenever an alert notification is sent (when the alert triggers, when it is manually marked resolved in the web UI, or when it stops triggering), it contains the following pieces of information:
- The name of the alert
- The type of notification: active, resolved, or OK
- The value of the segmentation; for example, when segmenting on host.hostName, the relevant hostName is provided