The RuleBaseEngine:onAlertCount Method
The RuleBaseEngine:onAlertCount method provides the rulebase engine alert rate statistics every 5 seconds. It provides alert rate averages over the previous 5, 10, 15, 30 and 60 seconds.
Remarks
When using this method as a data source in a rulebase, the test's clear condition will default to "Clear Timer" with a value of 900 seconds. However, because this async method provides statistics every 5 sec, choosing clear condition "First False" may be more useful.
RuleBaseEngine:onAlertCount and RuleBaseEngine:suspendAllAlerts can be used together to create an alert-rate circuit breaker that insulates the network from agents that produce alerts at message high rates that are too high. For example, using onAlertCount as a data source, if (5sec > 10) then suspendAllAlerts for 60,000 msec. This would suspend all alerts for 1min if the average rate of alerts over the last 5sec was greater than 2 alerts per sec.
Returns
| Name | Type | Description |
|---|---|---|
| 5sec | Integer | The alert rate averaged over the previous 5 seconds |
| 10sec | Integer | The alert rate averaged over the previous 10 seconds |
| 15sec | Integer | The alert rate averaged over the previous 15 seconds |
| 30sec | Integer | The alert rate averaged over the previous 30 seconds |
| 60sec | Integer | The alert rate averaged over the previous 60 seconds |