I'm unable to determine how to fully exclude alerting on CD-ROM metrics. I've gone into the system integrations and added ignore of unknown and unavailable, along with Unknown and Unavailable, and I still get alerts on metric thresholds that the drive utilization is at 100% (set to alert over 95%).
I've seen mention of setting a query to not send out alerts, but I don't even want these showing up in the Observability -> Alert listing as Active as they are invalid.
Can anybody point me to a reliable reference on achieving this that works with 8.15.1? (We are at the whim of our MSP and are going to be moving forward at some point, but not yet.)
Thanks, but I already put those two types in my 'system' integrations as filesystems to ignore (mentioned in the post), and no difference. Out of desperation, I even tried uppercase versions as that is how they show up in OSquery.
I believe you are using Fleet, right? If so, could you go to the Integration Overview dashboard and copy the exact error message seen for this specific integration, if there is any?
Or maybe you could add a processor handler below filesystem metrics like...
Appreciate that recommendation, but I'm not sure if it was the upgrade to 8.18.x or my putting another ignore line in of type "udf", but we no longer receive alerts on CD-ROM drives now.