问题描述
我想找到10分钟内以"sendsms"开头的所有Pod的警报总数.
I want to find the sum number of alerts for all the pods starting with "sendsms" over 10minutes.
我可以使用 label_replace()来在即时向量上执行此操作.但是当我要执行10分钟以上的数据操作时,它就无法工作,因为label_replace仅适用于即时矢量.
I am able to do use label_replace() to do this on the instant vector. But when i want to do this for over 10 minutes data, it cannot work as label_replace only works on instant vector.
举例说明问题:
ALERTS{alertname="CPUThrottlingHigh",pod="sendsms-dbed"} 10
ALERTS{alertname="CPUThrottlingHigh",pod="sendsms-ebed"} 20
ALERTS{alertname="CPUThrottlingHigh",pod="sendsms-fbed"} 30
ALERTS{alertname="CPUThrottlingHigh",pod="sendmail-gbed"} 60
ALERTS{alertname="CPUThrottlingHigh",pod="sendmail-hbed"} 70
ALERTS{alertname="CPUThrottlingHigh",pod="sendmail-ibed"} 80
使用标签替换,我可以使用REGEX添加新标签,然后将其分组并获得结果.
Using label replace i can add a new label using the REGEX and then i can group it and get the results.
label_replace(ALERTS{alertname="CPUThrottlingHigh", "podname", "$1", "pod", "([a-z-A-Z]+)-.*")
ALERTS{alertname="CPUThrottlingHigh",pod="sendsms-dbed", podname="sendsms"} 10
ALERTS{alertname="CPUThrottlingHigh",pod="sendsms-dbed", podname="sendsms"} 10
如何在10分钟内对ALERTS进行此操作并计算总和?
我想要过去10分钟这样的结果
I want some result like this for last 10 minutes
ALERTS{alertname="CPUThrottlingHigh",podname="sendsms"} 60
ALERTS{alertname="CPUThrottlingHigh",podname="sendmail"} 210
目标:查找在过去1周内创建警报数量最多的广告连播.
Objective: Find the pods which are creating maximum no of alerts in last 1 week.
推荐答案
通过求和后我可以通过执行label_replace来解决此问题
I was able to solve this problem by doing label_replace after doing the sum
查询
sort_desc(sum by (pod_set) (label_replace(sort_desc(sum by (namespace, pod) (avg_over_time(ALERTS{alertname=~"(KubeDeploymentReplicasMismatch|KubePodNotReady|KubePodCrashLooping|KubeJobFailed)", alertstate="firing"}[1w]))), "pod_set", "$1", "pod", "([a-z-A-Z]+)-.*" )))
结果
{pod_set="sendsms"} 62
{pod_set="emailspreprocessor"} 32
{pod_set="sendmail"} 21
这篇关于在Prometheus中的范围向量上替换标签的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!