04 Dec 2024 07:35 PM - last edited on 13 Jan 2025 10:46 AM by MaciejNeumann
I would like a DQL statement (either in Dashboard or Notebook) to perform the following query and result in an event so that query results are alertable depending on the threshold. In this case, I would like an event generated when DQL query results in a downtime value greater than 3600 seconds. Here is the statement:
fetch dt.entity.cloud_application_instance, from:now()-24h
| fieldsAdd entity.name, lifetime, downtime = unixSecondsFromTimestamp(now()) - unixSecondsFromTimestamp(lifetime[start])
| filter in(id, classicEntitySelector("type(CLOUD_APPLICATION_INSTANCE),toRelationships.IS_PG_OF_CAI(type(PROCESS_GROUP), tag(kpod))"))
| fieldsAdd duration(downtime, unit:"s"), alias:duration
| filterOut downtime < 3600
| makeTimeseries count(default: 0), spread: timeframe(from: lifetime[start], to: coalesce(lifetime[end], now())), by:{entity.name,duration}, interval: 1m
| limit 200| makeTimeseries count(default: 0), by:{entityName,isOffline,timestamp}, time:{timestamp}, interval: 1m
But when I run this query, I get the following error message:
| filterOut downtime < 3600