Elastalert: add aggregation type percentile

Created on 17 Mar 2020  路  5Comments  路  Source: Yelp/elastalert

Hi,

I need to use a rule of t type: spike_aggregation, with an aggregation rule of the type:
percentile: 90 (not supported as per documentation).

Can this be implemented somehow? Can you advise on what needs to be done ?
it would be really nice to set the

metric_agg_type: percentile
agg_percentile: 90

it seems there has been work about the percentile aggregation, but is seems dropped, or at least not making it to master branch:

my currently implemented rule would work... but the aggregation rule is wrong.:

type: spike_aggregation

index: some_name-*
metric_agg_key: transaction.renderTime
metric_agg_type: avg
doc_type: "_doc"

spike_height: 1.1
spike_type: up

2days comparison. last 2 days to previous 2 days

timeframe:
hours: 48

buffer_time:
hours: 48

realert:
minutes: 0

query_key: service.name

Threshold details:

threshold_ref: 1000
threshold_cur: 1000

picture PedroMSantosD
👍4

Most helpful comment

Hi @PedroMSantosD same here, while experimenting with some alerts I miss other aggregation types specially percentiles.
I can work and try submitting a pr myself in coming days but not sure the availability of maintainers to review it and if is something that will be accepted. Maybe @Qmando, Is it ok to you to think accepting adding percentile aggregation?

picture moix on 20 Apr 2020
👍4

All 5 comments

Hi @PedroMSantosD same here, while experimenting with some alerts I miss other aggregation types specially percentiles.
I can work and try submitting a pr myself in coming days but not sure the availability of maintainers to review it and if is something that will be accepted. Maybe @Qmando, Is it ok to you to think accepting adding percentile aggregation?

moix picture moix on 20 Apr 2020
👍4

Hi @PedroMSantosD @Qmando created a pr that adds support for percentiles metric_agg_type and a variable to specify the percentile value to calculate (percentile_range)
I'll be happy to amend or improve it if feedback. If you see it ok I can update documentation as well.

moix picture moix on 21 Apr 2020

Hi @Qmando , do you think you can review / merge the solution proposed by @moix ? I have tested it locally, and seems to be working fine

PedroMSantosD picture PedroMSantosD on 23 Apr 2020
👍2

Hello,

this would be a very nice feature as percentile is a popular KPI for application performances and it could be used besides the Kibana time series percentile option.

FloSew picture FloSew on 17 Jul 2020
👍1

Hi is there any updates? This will be very useful!

fzyzcjy picture fzyzcjy on 6 Feb 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

junaid1460 picture junaid1460  路  3Comments
AweiWoo picture AweiWoo  路  3Comments
aromualdo picture aromualdo  路  4Comments
Shashankft9 picture Shashankft9  路  3Comments
PMDubuc picture PMDubuc  路  3Comments