> For the purposes of this alert, I guess I could group (sum) all those 'apt_upgrades_pending' values by 'instance', before applying 'min_over_time', but I cannot get the expression right.
The min_over_time was just a suggestion to prevent alerts if the packages became available, and were promptly installed. That is: alert only if packages have been outstanding for 48 hours continuously. But actually there's an easier way to do that, with "for: 48h" on the alerting rule. So really: expr: sum by (instance) (apt_upgrades_pending) > 0 for: 48h is most likely all you need. For completeness, suppose you do want to use min_over_time as well. If you want to take an instant vector expression like the above and turn it into a range vector, then you need a subquery <https://prometheus.io/docs/prometheus/latest/querying/basics/#subquery>. But the other way round doesn't need a subquery, because the output of min_over_time is already an instant vector. sum by (instance) (min_over_time(apt_upgrades_pending[48h])) > 0 On Sunday, 21 November 2021 at 20:02:09 UTC [email protected] wrote: > Many thanks for your help. > > I'm afraid I cannot get it right. I am still confused with Prometheus' > aggregates etc. Can you help me further? > > I am using the Node Exporter version 0.18.1 that comes packaged with > Ubuntu 20.04, which I believe is using the apt.sh collector. The metrics I > am getting for apt_upgrades_pending over a few days are: > > {instance="MyHostname",job="node-exporter"} > > {arch="amd64",instance="MyHostname",job="node-exporter",origin="Ubuntu:20.04/focal-updates,Ubuntu:20.04/focal-security"} > > {arch="amd64",instance="MyHostname",job="node-exporter",origin="Ubuntu:20.04/focal-updates"} > > {arch="all",instance="MyHostname",job="node-exporter",origin="Ubuntu:20.04/focal-updates,Ubuntu:20.04/focal-security"} > > {arch="all",instance="MyHostname",job="node-exporter",origin="Ubuntu:20.04/focal-updates"} > > {arch="all",instance="MyHostname",job="node-exporter",origin="Ubuntu:20.04/focal-updates"} > > I thought arch="all" would include all categories, but look at this scrape: > > apt_upgrades_pending{arch="all",origin="Ubuntu:20.04/focal-updates"} 5 > apt_upgrades_pending{arch="all",origin="Ubuntu:20.04/focal-updates,Ubuntu:20.04/focal-security"} > > 3 > apt_upgrades_pending{arch="amd64",origin="Ubuntu:20.04/focal-updates"} 2 > apt_upgrades_pending{arch="amd64",origin="Ubuntu:20.04/focal-updates,Ubuntu:20.04/focal-security"} > > 27 > > And this other scrape: > > apt_upgrades_pending{arch="amd64",origin="Ubuntu:20.04/focal-updates"} 10 > > Those scrapes are for the same computer. > > Sometimes, arch="all" is there, sometimes not. I am guessing that which > arch="xxx" and origin="xxx" metrics are returned depends on which updates > are available at that point in time. > > This is the alert you suggested: > > min_over_time(apt_upgrades_pending[48h]) > 0 > > I tested it, and I am getting many alerts for each computer. > > For the purposes of this alert, I guess I could group (sum) all those > 'apt_upgrades_pending' values by 'instance', before applying > 'min_over_time', but I cannot get the expression right. > > Thanks in advance, > rdiez > > -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/617529a2-bb6a-407a-979d-bd56b3ba9b01n%40googlegroups.com.
