"The query in severity warn does not match the one in alertSources.query" ERROR

This article applies to:

• Alerting

 Product edition: All

 Feature Category: Alerts

 

Overview

When creating an alert with the Aria Apps API POST /api/v2/alert, the error "The query in severity warn does not match the one in alertSources.query" may be returned. Typical scenarios are:

  • Creating alert via Terraform
  • Creating alert based on GET /api/v2/alert/{alert_id} output


Cause

This happens because the displayExpression differs from the severe/warn conditions in the alert payload. Both need to match; otherwise this error is returned. Example:

  • Incorrect

mceclip1.png

Resolution

A correct alert payload should look like:

mceclip2.png

  • This often happens when the output of the GET alert API is used as the payload to create a new alert.

The same error is received if the alert condition expressions for severe/warn/info/smoke differ from each other, for example:

mceclip3.png

  • This payload returns the error.

Terraform example:

### Terraform resource :
resource "wavefront_alert" "Temporal-frontend-service-availability-lv7" {
  name                   = "Temporal-frontend-service-availability-lv7"
  alert_type             = "THRESHOLD"
  additional_information = "Temporal-frontend-service-availability-lv7"
  display_expression     = "sum(rate(ts(\"temporal-prod-lv7-frontend.service_errors*\")))/sum(rate(ts(\"temporal-prod-lv7-frontend.service_requests*\"))) * 100"
  minutes                = 20
  resolve_after_minutes  = 20
  tags                   = ["dpsre-managed", "dpse.temporal-onprem.prod.lv7.frontend.service-availability", "dpsre.temporal"]
  conditions = {
    "severe" = "100 - (sum(rate(ts(\"temporal-prod-lv7-frontend.service_errors*\"))) * 100/sum(rate(ts(\"temporal-prod-lv7-frontend.service_requests*\")))) > 25"
    "warn"   = "100 - (sum(rate(ts(\"temporal-prod-lv7-frontend.service_errors*\"))) * 100 /sum(rate(ts(\"temporal-prod-lv7-frontend.service_requests*\")))) > 15"
  }

  threshold_targets = { "severe" : "target:low", "warn" : "target:high" }
}

In the example above, the display expression and the severe/warn expressions are different. They should be the same.

The first part of each condition is the display expression, which should be common to all of severe/warn/info/smoke. The conditions should differ only in the value comparison (e.g. > 90 is severe, > 70 is warn), keeping the expression the same.
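
A pre-flight check for the rule described above, as an added example that is not part of the original article or the product's own code: it splits each condition into its query and trailing threshold comparison, then compares the query with displayExpression before the payload is sent. It assumes the payload keys `displayExpression` and `conditions`, and it compares strictly because the article does not say whether the API ignores whitespace; the function names are hypothetical.

```python
import re

# Trailing threshold comparison of a condition, e.g. "<query> > 25".
_COMPARISON = re.compile(
    r"^(?P<query>.+?)\s*(?P<op>>=|<=|!=|>|<|=)\s*(?P<value>-?\d+(?:\.\d+)?)\s*$", re.S)

def split_condition(condition):
    """Split "<query> <op> <number>" into (query, op, value)."""
    m = _COMPARISON.match(condition.strip())
    if m is None:
        raise ValueError(f"no trailing threshold comparison in: {condition!r}")
    return m["query"].strip(), m["op"], float(m["value"])

def _squash(text):
    # Drop all whitespace; used only to classify a mismatch, not to accept it.
    return "".join(text.split())

def check_alert(payload):
    """Return (severity, problem) pairs; an empty list means the queries match."""
    display = payload["displayExpression"].strip()
    problems = []
    for severity, condition in sorted(payload.get("conditions", {}).items()):
        try:
            query, _op, _value = split_condition(condition)
        except ValueError:
            problems.append((severity, "no threshold comparison"))
            continue
        if query != display:
            same = _squash(query) == _squash(display)
            problems.append((severity, "whitespace only" if same else "different query"))
    return problems

# Constructed payloads built from the expressions in the Terraform resource above.
ERR = 'sum(rate(ts("temporal-prod-lv7-frontend.service_errors*")))'
REQ = 'sum(rate(ts("temporal-prod-lv7-frontend.service_requests*")))'
BAD = {
    "displayExpression": f"{ERR}/{REQ} * 100",
    "conditions": {
        "severe": f"100 - ({ERR} * 100/{REQ}) > 25",
        "warn": f"100 - ({ERR} * 100 /{REQ}) > 15",
    },
}
QUERY = f"100 - ({ERR} * 100 / {REQ})"  # one shared query for every severity
FIXED = {"displayExpression": QUERY,
         "conditions": {"severe": f"{QUERY} > 25", "warn": f"{QUERY} > 15"}}

if __name__ == "__main__":
    print(check_alert(BAD), check_alert(FIXED))
```
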

See also:

Terraform Integration
