Revert "Release 2024-05-09"

alert-policies/network-flow-devices/Flow Destinations Baseline.yml

@@ -0,0 +1,43 @@
+# Name of the alert
+name: Flow Destinations Baseline
+
+# Description and details
+description: |+
+  This alert is triggered when the unique count of 'Destination:Port' endpoints for a Flow Device fluctuates more than 2 standard deviations above or below baseline for over 5 minutes.
+  This is a measurement on the total number of destinations for your traffic and can be an associated metric to throughput signals from your applications.
+
+# Type of alert
+type: BASELINE
+
+# NRQL query
+nrql:
+  # Baseline alerts can use an optional FACET
+  query: "FROM KFlow SELECT uniqueCount(dst_addr, l4_dst_port) FACET entity.name, entity.guid"
+
+# Direction in which baseline is set (Default: LOWER_ONLY)
+baselineDirection: UPPER_AND_LOWER
+
+# List of Critical and Warning thresholds for the condition
+terms:
+  - priority: CRITICAL
+    # Operator used to compare against the threshold.
+    operator: ABOVE
+    # Value that triggers a violation
+    threshold: 2
+    # Time in seconds; 120 - 3600, must be a multiple of 60 for Baseline conditions
+    thresholdDuration: 300
+    # How many data points must be in violation for the duration
+    thresholdOccurrences: ALL
+
+# Loss of Signal Settings
+expiration:
+  # Close open violations if signal is lost (Default: false)
+  closeViolationsOnExpiration: true
+  # Open "Loss of Signal" violation if signal is lost (Default: false)
+  openViolationOnExpiration: true
+  # Time in seconds; Max value: 172800 (48hrs), null if closeViolationsOnExpiration and openViolationOnExpiration are both 'false'
+  expirationDuration: 86400
+
+# Duration after which a violation automatically closes
+# Time in seconds; 300 - 2592000 (Default: 86400 [1 day])
+violationTimeLimitSeconds: 86400

alert-policies/network-flow-devices/Flow Sources Baseline.yml

@@ -0,0 +1,43 @@
+# Name of the alert
+name: Flow Sources Baseline
+
+# Description and details
+description: |+
+  This alert is triggered when the unique count of 'Source:Port' endpoints for a Flow Device fluctuates more than 2 standard deviations above or below baseline for over 5 minutes.
+  This is a measurement on the total number of sources for your traffic and can be an associated metric to throughput signals from your applications.
+
+# Type of alert
+type: BASELINE
+
+# NRQL query
+nrql:
+  # Baseline alerts can use an optional FACET
+  query: "FROM KFlow SELECT uniqueCount(src_addr, l4_src_port) FACET entity.name, entity.guid"
+
+# Direction in which baseline is set (Default: LOWER_ONLY)
+baselineDirection: UPPER_AND_LOWER
+
+# List of Critical and Warning thresholds for the condition
+terms:
+  - priority: CRITICAL
+    # Operator used to compare against the threshold.
+    operator: ABOVE
+    # Value that triggers a violation
+    threshold: 2
+    # Time in seconds; 120 - 3600, must be a multiple of 60 for Baseline conditions
+    thresholdDuration: 300
+    # How many data points must be in violation for the duration
+    thresholdOccurrences: ALL
+
+# Loss of Signal Settings
+expiration:
+  # Close open violations if signal is lost (Default: false)
+  closeViolationsOnExpiration: true
+  # Open "Loss of Signal" violation if signal is lost (Default: false)
+  openViolationOnExpiration: true
+  # Time in seconds; Max value: 172800 (48hrs), null if closeViolationsOnExpiration and openViolationOnExpiration are both 'false'
+  expirationDuration: 86400
+
+# Duration after which a violation automatically closes
+# Time in seconds; 300 - 2592000 (Default: 86400 [1 day])
+violationTimeLimitSeconds: 86400

alert-policies/prometheus-agent/DupMetrics.yml

@@ -4,7 +4,7 @@ description: |+
   This alert is triggered if two or more jobs scraping the same instance in the same cluster.
 type: STATIC
 nrql:
-  query: "FROM Metric select uniqueCount(job) WHERE metricName LIKE 'prometheus%' facet instance, cluster_name"
+  query: "FROM Metric select uniqueCount(job) facet instance, cluster_name"
 
 # Function used to aggregate the NRQL query value(s) for comparison to the terms.threshold (Default: SINGLE_VALUE)
 valueFunction: SINGLE_VALUE