Expression Basics

Netreo Essentials determines when alerts and actions need to execute by evaluating expression formulas that comprise the core of alert or action logic. Expressions are comparison statements that evaluate conditions of captured metrics and result in a boolean value. When an evaluated value is TRUE, an alert or action is set as ON. When an evaluated value is FALSE, an alert or action is marked as OFF. When an error occurs while evaluating an expression, an alert or action generally ignores the evaluation and the expression's previous value remains active.

Expressions are also used when filtering data within Aggregated metrics. The concept is the same, and Aggregate filters throw away metrics that do not match the filter's boolean condition.

Expressions allow for comparisons of metrics, can combine multiple conditions, and generally behave like comprehensive boolean statements from C#. In fact, the expression evaluation engine is powered by Dynamic Expresso, a .NET library that is capable of evaluating sophisticated expressions.

Metrics are used as variables in expressions and may be used directly. Certain variables, such as dates, can be accessed by addressing their properties (e.g., CheckTimeUtc.Month or CheckTimeUtc.Minute).

Expressions Examples

Cpu > 70

Evaluates to TRUE when the metric Cpu is greater than 70.

(Queue1Length + Queue2Length) > 100 && CheckTimeUtc.Hour > 9 && CheckTimeUtc.Hour < 17

Evaluates to TRUE if the combined depth of Queue1 and Queue2 exceeds 100 messages and if the time is between 9 a.m. and 5 p.m. UTC.

Status == "Ready"

Evaluates to TRUE if the Status metric is "Ready."

Contains(SomeTextMetric, "Error")

Evaluates to TRUE if SomeTextMetric contains the string "Error" within it (not case-sensitive).

Evaluating Data in Arrays/Sets (Advanced)

Netreo Essentials is capable of evaluating collected metric data in arrays or sets against custom criteria. This is useful when trying to alert on data from Event Logs, running Processes, subscriptions of an Azure Service Bus Topic, etc.

Metrics that are displayed in grids on dashboards are considered to be array-based metrics. A number of Netreo Essentials-specific aggregate functions exist that can aggregate the data in these metrics, evaluate an expression and return a single result.

Functions available are: Any, All, None and Count.

Syntax for each is as follows: FunctionName(metric, "sub-condition expression").

Example 1

The ApplicationEventLogs metric captures application event logs. Looking at the columns in the ApplicationEventLogs grid, it can be seen that the Message property contains a description of the event. Configuring an expression for an alert that parses through the Message property of the logs and looks for the substring "Exception" in any of those logs will yield a proper alert.

Any(ApplicationEventLogs, "Contains(Message,\"Exception\")")

Notice that the sub-condition expression supports the Contains function, but its string constants must be written with escaped quotes (\").

Example 2

The Topic1Details metric captures service bus topic details. This metric contains one record per subscription within the topic. Looking at the columns in the Topic1Details grid, it can be seen that the Subscription property contains the name of the subscription and the DeadLetters property contains the number of dead letters within a particular subscription. Configuring an expression for an alert that evaluates all subscriptions with a DeadLetters value over 5 and that contain the word PROD in the subscription name can be done as follows:

Any(Topic1Details, "Contains(Subscription, \"PROD\") && DeadLetters > 5")
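The following is an added example, not code from Netreo: it models Example 2 with Dynamic Expresso directly, to show how the escaped sub-condition is evaluated per row and what the "previous value remains active" rule means for a misspelled column. The Any wiring, the names ExpressionModel, RowMatches and NextState, and the sample rows are assumptions made for illustration.

```csharp
// Added example: a model of the documented semantics, not Netreo's implementation.
// Assumes the DynamicExpresso.Core NuGet package and C# 11 (raw string literals).
using System;
using System.Collections.Generic;
using System.Linq;
using DynamicExpresso;
using Row = System.Collections.Generic.Dictionary<string, object>;

static class ExpressionModel
{
    // Interpreter with the page's case-insensitive Contains registered.
    static Interpreter NewInterpreter() =>
        new Interpreter().SetFunction("Contains", (Func<string, string, bool>)((a, b) =>
            a.IndexOf(b, StringComparison.OrdinalIgnoreCase) >= 0));

    // Evaluate a sub-condition against one grid row; each column becomes a variable.
    static bool RowMatches(Row row, string subExpression)
    {
        var interpreter = NewInterpreter();
        foreach (var column in row) interpreter.SetVariable(column.Key, column.Value);
        return interpreter.Eval<bool>(subExpression);
    }

    // Hypothetical stand-in for the alert state: an evaluation error
    // leaves the previous ON/OFF value in place.
    static bool NextState(bool previous, Interpreter interpreter, string expression)
    {
        try { return interpreter.Eval<bool>(expression); }
        catch (Exception) { return previous; }
    }

    static void Main()
    {
        // Constructed sample rows for the Topic1Details grid.
        var topic1Details = new List<Row> {
            new Row { ["Subscription"] = "orders-prod", ["DeadLetters"] = 12 },
            new Row { ["Subscription"] = "orders-test", ["DeadLetters"] = 40 },
        };
        var interpreter = NewInterpreter()
            .SetVariable("Topic1Details", topic1Details)
            .SetFunction("Any", (Func<List<Row>, string, bool>)((rows, sub) =>
                rows.Any(row => RowMatches(row, sub))));
        // The expression from Example 2, written exactly as on the page.
        var good = """Any(Topic1Details, "Contains(Subscription, \"PROD\") && DeadLetters > 5")""";
        // Same idea with a misspelled column: Dynamic Expresso rejects the unknown identifier.
        var typo = """Any(Topic1Details, "DeadLetter > 5")""";
        Console.WriteLine($"good: {NextState(false, interpreter, good)}");
        Console.WriteLine($"typo, previous OFF: {NextState(false, interpreter, typo)}");
    }
}
```

In this model the misspelled column raises an error instead of returning FALSE, so NextState returns whatever state was passed in as previous. An alert built on such an expression that starts OFF stays OFF, which is why a new expression is worth checking against rows known to match.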

Supported Operators and Functions

Category                       Operators / Functions
Primary                        x.y  a[x]
Unary                          +  -  !
Multiplicative                 *  /  %
Additive                       +  -
Relational and type testing    <  >  <=  >=
Equality                       ==  !=
Conditional AND                &&
Conditional OR                 ||
Aggregate Functions            bool Any(array_variable,"sub-expression")
                               bool All(array_variable,"sub-expression")
                               int Count(array_variable,"sub-expression")
Text Comparison                bool Contains(a, b)