docs: Add example for comparing current vs historical alert values#22062
Draft
nedi-app[bot] wants to merge 2 commits intomasterfrom
Draft
docs: Add example for comparing current vs historical alert values#22062nedi-app[bot] wants to merge 2 commits intomasterfrom
nedi-app[bot] wants to merge 2 commits intomasterfrom
Conversation
Add Example 4 to demonstrate the two-alert pattern for comparing current values against historical baselines. Clarifies that only ONE lookup line is allowed per alert definition and shows how to reference values across alerts using the $alert_name syntax. Addresses common confusion about displaying context in alerts when users want to show both current and average values.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
No issues found across 1 file
Confidence score: 5/5
- Automated review surfaced no issues in the provided summaries.
- No files require special attention.
Architecture diagram
sequenceDiagram
participant DB as Time-series Database
participant Engine as Health Engine
participant A1 as Alert 1 (Historical Baseline)
participant A2 as Alert 2 (Current Value)
Note over DB, A2: Netdata Health Evaluation Cycle (Periodic)
rect rgb(240, 240, 240)
Note right of A1: Alert 1: Calculate Baseline
Engine->>DB: lookup: average -1h of user
DB-->>Engine: Historical avg (e.g., 20%)
Engine->>A1: Update state: $cpu_user_1h_average = 20
end
rect rgb(230, 240, 255)
Note right of A2: Alert 2: Compare with Baseline
Engine->>DB: lookup: average -1m of user
DB-->>Engine: Current avg (e.g., 85%)
Note over Engine, A2: NEW: Use cross-alert variable reference
Engine->>A2: Evaluate expressions ($this vs $cpu_user_1h_average)
alt calc: $this - $cpu_user_1h_average
A2->>A2: Result: 65% deviation
end
alt warn: $this > 80 (Static Threshold)
A2->>Engine: Status: WARNING
else crit: $this > $cpu_user_1h_average * 4 (Dynamic Threshold)
A2->>Engine: Status: CRITICAL
end
end
Note over A2, Engine: Result: Alert info includes both current and historical context
Update Example 4 in REFERENCE.md to demonstrate how to display both current and historical values in alert notifications using variable interpolation in the info line.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a new example to the Alert Examples section in REFERENCE.md demonstrating how to compare current metric values against historical baselines using the two-alert pattern.
Changes
$alert_namesyntaxMotivation
Users often want to understand why an alert fired by comparing the current value against historical context (e.g., "current: X, average: Y"). This example addresses a common misconception that you can use multiple
lookuplines in a single alert, showing the correct pattern of using separate coordinated alerts.Testing
$alert_name)Audit Context
Session Query (Original):
Session Query (English Translation):
Decision Verdict: surgical_edit
The user wanted to know how to display dynamic values (current vs average) in alert messages. The documentation now provides a clear example showing that:
lookupline is allowed per alert$alert_namesyntaxSummary by cubic
Adds a new example to REFERENCE.md that compares current metric values to a 1h baseline using the two-alert pattern, and shows how to include both numbers in alert messages. Clarifies the single
lookuprule and demonstrates variable interpolation in theinfoline with cross-alert references.$alert_name) incalc/warn/critand ininfoto output “current: X, average: Y”.Written for commit 2c9a769. Summary will update on new commits.