Problem with alerts recovered

Friends, I have a problem with the recovery of my alerts related to my monitors. Before, the alerts, when they were activated and the ping went down, were recovered without problem, but now it is different: the alert is active all the time so the ping is balanced.

Has anyone else had this behavior?

Status active not recovered

Settings rule

With this configuration my alerts are recovered, now it doesn't work the same

Hello @iTiago, I'm happy to help you with your question but first I need your help to understand some of the points you mentioned!

> before the alerts when they were activated and the ping went down were recovered without problem

Did you perform any Kibana updates recently?

> the alert is active all the time so the ping is balanced

Do you mean by "balanced" that the ping went back to its normal/baseline ms but the alert is still in active state? How do you read/know the ping status?

> Did you perform any Kibana updates recently?

RE: No

> Do you mean by "balanced" that the ping went back to its normal/baseline ms but the alert is still in active state? How do you read/know the ping status?

When viewing more details of an active alert, this example shows an alert that has been UP for more than 10 minutes (according to my rule it should not be active); it should be marked as recovered.

Thanks for the reply. Can you please check if the rule of this alert is still there? i.e. The rule is not deleted and the alert is not orphan

> Can you please check if the rule of this alert is still there? i.e. The rule is not deleted and the alert is not orphan


The rule is enabled


active alerts


Details alert

There is something interesting in the screenshot of the alert flyout. The Started at and Last updated have the exact same value, and the alert Duration is 0.

The behavior of having an alert active all the time is the main symptom of an orphaned alert. So I would like you to double check that.

Would you please follow these steps:

  1. From Alert page, click on Fields and add the _id field.

  2. Copy the id from the alert table of the alert that you estimate should be recovered

  3. Open the Rule details page, and in the Alert table use the search bar

Does the alert appear in the alert table on the Rule details page?

Copying...

Searching...

If you notice, it remains active and this is happening with all of them even though the ping is restored. Also, if you notice, the number of alerts has increased since I made this post.

@iTiago are you using Logstash in between Heartbeat and Elasticsearch?

Can you please check what mappings you have for the field monitor.timespan in the Heartbeat index?

@shahzad31
Sure, additionally I will show you the details of the latest records of a monitor that should mark recovered alerts