Edit HTTP alert

alerts

#1

I’ve assigned the “HTTP Error” alert to some web servers, and am getting this repeatedly:
extrahop.device.uri_http_server_detail stats:

duration
30000
method
POST
int4dws/4DSOAP/: 1

extrahop.device.http_server_detail stats:
duration
30000

Turns out, this app we’re monitoring is coded to return a SOAP fault if it has no data to give the application. How can we ignore this? Below is the alert. We’re on 4.1 still, if that matters.


#2

If this application is truly returning a 4XX / 5XX response code for ‘no data’, It is possible to filter metrics to exclude certain conditions via a trigger and then Alert on the custom metric.

Here is a quick example that would filter out uri that contain SOAP. It would hopefully get you started:

if( HTTP.uri.indexOf('SOAP') > -1 ) {
    return;
}

var statusCode = HTTP.statusCode;
if(statusCode) {
    Flow.server.device.metricAddCount('noSOAP_Responses', 1);
    if(statusCode >= 400 && statusCode <= 599) {
        Flow.server.device.metricAddDetailCount('noSOAP_Responses_Errors',statusCode.toString(), 1);
    }
}

#3

So I know I can use the above example (thank you for that) to create a trigger. However, when I attach said trigger (watching HTTP.response to the device throwing the 500’s, even after it throwing the error multiple times, nothing shows in the runtime log. What am I doing wrong?


#4

The runtime log only shows messages committed by the log and debug functions. Do you see the metrics showing up when you try to create a chart on your dashboard?