Unbound application alerting

Help
1

Hello,

I am trying to create an alert for Unbound recursion time. I found an application alerting article that was very helpful, but I’ve been unable to get the Unbound alert to work.

This is what I have at the moment:

Unbound_alert
Unbound_alert877×492 17.2 KB

I’ve based this on:

I’ve left the >0 just to make it fire, there is no match when using the debug:
Rule name: Unbound recursion time increased
Alert rule: application_metrics.app_id = “unbound-recursiontime” AND (application_metrics.metric = “avg” AND application_metrics.value > 0)
Alert query: SELECT * FROM devices,applications,application_metrics WHERE (devices.device_id = ? AND devices.device_id = applications.device_id AND applications.app_id = application_metrics.app_id) AND application_metrics.app_id = “unbound-recursiontime” AND (application_metrics.metric = “avg” AND application_metrics.value > 0)
Rule match: no match

For reference, this is the article I found for application alerting:

Thank you

2

Best to look at the data in the table the alert is querying so you can see what you might need to base it on.

select * from application_metrics where device_id=X;

3

Thanks laf - that was a simple solution!

For anyone who finds this by search or otherwise, the Unbound alert for recursion time looks like this:

Unbound_alert_2
Unbound_alert_2884×368 13.7 KB

This is an example for >10ms

Simply tag it to the application hosts and/or group

Cheers

1 Like
4

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.