Cole McDonald

Complex Boolean operators on alert conditions

Recommended Posts

I have a case (certificates) that could use a pair of < , > conditions to handle alerting.  There are some certs that need to be in place and expired for the system to work properly and fail certs made against those CAs... most of them have really long expirations on them.  I'd like ot raise an alert if the daystoexpire is <30, but >-100.  Right now, I'm having to disable alerting manually on thousands of certificates in our environment to enable useful alerting on them.  I'll also accept anyone with a good hacky workaround for it... I hate clicking :)

  • Upvote 1

Share this post


Link to post
Share on other sites

I'm all for more complex conditions for thresholds!

But as a nice workaround you can have multiple DataPoints that just report the same value but have different thresholds. For example you have have the normal daystoexpire to be > -100, and create a Complex DataPoint called "daystoexpireSoon" that has the Expression of "daystoexpire" (aka, use the same value) and set it's threshold of <300. And you can keep doing that for all the various thresholds.

P.S. You can also remove the threshold for daystoexpire and create daystoexpireOld along with daystoexpireSoon, that do have thresholds, so it's clearer what each means.

Share this post


Link to post
Share on other sites

My previous answer assumed OR conditions (if hit thresholdA OR thresholdB). If you want to do a AND like condition, which as I re-read the question, might be what you are asking, that may depend on the situation.

Here I'm assuming you want to basically consider any Certs that have daystoexpire < -100 to just be ignored in all cases, in other words anything under -100 is invalid. So you can edit the "Valid value range" for daystoexpire  to be "-100 to blank". That way you will just get a NaN if it's less then -100, and still have an easily changed main thresholds of < 30.

 

Edited by Mike Moniz
  • Upvote 1

Share this post


Link to post
Share on other sites

I'd still like to know that there's an instance and how long ago it had expired, just not alert on it.  I'll definitely play with the virtual datapoints as a possible workaround though.  That's got some promise.

Share this post


Link to post
Share on other sites
6 minutes ago, Cole McDonald said:

I'd still like to know that there's an instance and how long ago it had expired, just not alert on it.  I'll definitely play with the virtual datapoints as a possible workaround though.  That's got some promise.

 

Sure, then I would remove the threshold on daystoexpire and let that be for information/graphing use. Then create a complex DataPoint with the expression of "daystoexpire" which has the valid range and thresholds for alerting.

  • Upvote 1

Share this post


Link to post
Share on other sites

Here's what I used... working like a champ:

if( gt( DaysUntilExpire,(0-60) ), DaysUntilExpire, unkn() )

<= 30 14 7 for the alerting drastically reduced the number of alerts that are non-actionable.  Thank you Mike!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.