Need assistance w/ Alerting

alerts
metrics

#1
  1. I screwed up and edited the original “Slow Web Response Time” alert, and don’t recall the original metrics and “Alert When” specifications. Could someone post a link, or the actual data for that alert so I can compare to what I have now?
  2. I’m attempting to configure an alert that will fire 1 time when processing time for a web server group, but I’m having trouble figuring out the threshold and “Alert When” value. Currently, my metric is set to “extrahop.device.http_server:tprocess?q3”, and Alert When: is set to “10 minutes > 190”. I apparently don’t know what that means. The alert expression that fire from that config are: • 75th percentile over 60 > 190 percent of trendline. What does that mean exactly?
    Thanks for any help you can provide.

#2

Greetings,

  1. To answer your first question, the default metrics for the Alert “Slow Web Response”, are listed below:

Metric: extrahop.device.http_server:tprocess
Percentile
Percentile Value: 75
Edge-triggered
Alert When: mean over 30 seconds > 190 percent of trend

  1. To answer your second question about “Alert when: mean over 10 mins > 190 percent of trend”

The “mean” aka “average” of the data points over a 10 minutes period are greater (>) than 190% percent of the trend. So if the mean of Server processing time over the last 10 minutes is 20 milliseconds, and the trend line is 10 milliseconds, the alert would fire since it surpassed the trend limit (190%)

100% of 10 milliseconds is 10
200% of 10 milliseconds is 20
The threshold of 190% as been exceeded, and the alert will fire.

I have also provided a link to a forum post which offers additional information relating to the alert criteria.


#3

Thanks very much. I had read that post by Amanda, and it confused me a bit. Thanks for the break down.


#4

just to make sure I have it, say I have the following configuration:
metric: extrahop.device.http_server:tprocess?q3
Alert when: Value over 10 minutes > 190

HTTP Processing time is higher, in 75% of all cases over the last 10 minutes, than 190% of that time periods threshold.

What defines that time periods threshold? Or am I totally confused?


#5

The 75th percentile represents the portion of the Dataset that will will be used when it is compared to the trend line. In the screenshot I provided, we can see that the server processing time is broken up into a Dataset table. In this example the current 75th percentile is 304.2 and the max is 305.8, If the alert below was being generated with the data points listed in the screenshot. Please feel free to open a case with our ExtraHop Support team, for further clarification. We would be glad to assist.

Alert when: 75 percentile over 10 minutes > (greater than) 190% of trend