In a Metric threshold rule, will the condition "For the last 5 minutes" trigger an alert if any document in that time range surpasses the threshold specified? Or is it like a bucket, i.e. if the average of many documents in those 5 minutes surpasses the threshold?
If an alert has been triggered because the data surpasses a threshold, will it remain in active status while the data doesn't go below the threshold? Meaning that no new alert will be sent because it's already alerted?
It is an aggregation over that bucket, but you pick the aggregation:
Average (which the average would have to be over for 5 mins)
or Max (a max within the 5 minutes), etc.
If you select Only On Status change, you will only get the alert action once, when the alert is triggered.
Or you can send repeated alerts each time the rule is fired.
Or you can pick some other interval, like every 30 mins...
A pretty easy way to test all this is to run metricbeat on your laptop, then set up an alert, then run some heavy process to trigger the alert ... then stop it, etc... you should be able to see the behavior.
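
The behaviour described in the answer above, as an added example that is not part of the original thread and is not Kibana's code: a simplified Python model of a threshold rule checked once per minute, comparing Average and Max over a 5-sample window and the three notification choices. The sample values, function names and mode names are constructed for illustration.

```python
from statistics import mean

AGGS = {"avg": mean, "max": max}

# Constructed CPU % samples, one per minute: a 1-minute spike at minute 5,
# then a sustained load from minute 11 to minute 18.
SAMPLES = [20] * 5 + [95] + [20] * 5 + [90] * 8 + [20] * 6

def evaluate(samples, threshold, agg="avg", window=5):
    """One bool per check: is agg(last `window` samples) above the threshold?"""
    fn = AGGS[agg]
    return [fn(samples[max(0, i - window + 1): i + 1]) > threshold
            for i in range(len(samples))]

def notifications(active, mode="status_change", every=30):
    """Minutes at which an action is sent, for a given notification mode.

    status_change: once, when the alert goes from inactive to active
    every_check:   every time the rule fires while the condition holds
    interval:      while active, at most once per `every` minutes
    """
    sent, last, prev = [], None, False
    for minute, is_active in enumerate(active):
        if is_active:
            if mode == "every_check":
                fire = True
            elif mode == "status_change":
                fire = not prev
            else:  # "interval"
                fire = last is None or minute - last >= every
            if fire:
                sent.append(minute)
                last = minute
        prev = is_active
    return sent

if __name__ == "__main__":
    for agg in ("avg", "max"):
        active = evaluate(SAMPLES, 80, agg)
        for mode in ("status_change", "every_check", "interval"):
            print(agg, mode, notifications(active, mode, every=2))
```

With Max, the single spike at minute 5 keeps the alert active for as long as it stays inside the window; with Average, only the sustained load crosses the threshold, and only once the whole window is filled with high values.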