Complex Boolean operators on alert conditions

Question

I have a case (certificates) that could use a pair of &lt; , &gt; conditions to handle alerting.&nbsp; There are some certs that need to be in place and expired for the system to work properly and fail certs made against those CAs... most of them have really long expirations on them.&nbsp; I'd like ot raise an alert if the daystoexpire is &lt;30, but &gt;-100.&nbsp; Right now, I'm having to disable alerting manually on thousands of certificates in our environment to enable useful alerting on them.&nbsp; I'll also accept anyone with a good hacky workaround for it... I hate clicking :)/emoticons/smile@2x.png 2x" title=":)" width="20"&gt;

mike_moniz · Answer

My previous answer assumed OR conditions (if hit thresholdA OR thresholdB). If you want to do a AND like condition, which as I re-read the question, might be what you are asking, that may depend on the situation.

Here I'm assuming you want to basically consider any Certs that have daystoexpire &lt; -100 to just be ignored in all cases, in other words anything under -100 is invalid. So you can edit the "Valid value range" for daystoexpire&nbsp; to be "-100 to blank". That way you will just get a NaN if it's less then -100, and still have an easily changed main thresholds of &lt; 30.

&nbsp;

mike_moniz · Answer

6 minutes ago, Cole McDonald said:

I'd still like to know that there's an instance and how long ago it had expired, just not alert on it.&nbsp; I'll definitely play with the virtual datapoints as a possible workaround though.&nbsp; That's got some promise.

&nbsp;

Sure, then I would remove the threshold on daystoexpire and let that be for information/graphing use. Then create a complex DataPoint with the expression of "daystoexpire" which has the valid range and thresholds for alerting.

mike_moniz · Answer

I'm all for more complex conditions for thresholds!

But as a nice workaround you can have multiple DataPoints that just report the same value but have different thresholds. For example you have have the normal daystoexpire to be &gt; -100, and create a Complex DataPoint called "daystoexpireSoon" that has the Expression of "daystoexpire" (aka, use the same value) and set it's threshold of &lt;300. And you can keep doing that for all the various thresholds.

P.S. You can also remove the threshold for daystoexpire and create daystoexpireOld along with daystoexpireSoon, that do have thresholds, so it's clearer what each means.

cole_mcdonald · Answer

I'd still like to know that there's an instance and how long ago it had expired, just not alert on it.&nbsp; I'll definitely play with the virtual datapoints as a possible workaround though.&nbsp; That's got some promise.

cole_mcdonald · Answer

Here's what I used... working like a champ:

if( gt( DaysUntilExpire,(0-60) ), DaysUntilExpire, unkn() )

&lt;= 30 14 7 for the alerting&nbsp;drastically reduced the number of alerts that are non-actionable.&nbsp; Thank you Mike!

Forum Discussion

Complex Boolean operators on alert conditions

Related Content

Complex DataPoint.

Complex datapoint expression syntax

Complex Goovy Datapoint Conditional Statement

Complex Datapoints - Nested if / elseif possible w/o scripting?

LM Logs parser conditional formatting operator

Recent Discussions

Dashboard Sharing – An Inline Framing Method

2021-12-15 US Office Hours

Live Training - Tuning Datapoints and Alerts - 15th JUNE 2022 - APAC

Live Training - Introduction to Dashboards - 18th MAY 2022 - APAC

2022-05-11- APAC Product Overview -Collectors, Resources/Groups, Dashboards