Events indicate that a policy has been violated, meaning all of the policy conditions have been met for the set duration. In other words, events indicate that Metricly has detected anomalous behavior in one or more of the elements in your environment.
For example, if you create a policy for all EC2 elements with the condition “CPU Utilization greater than 90%” and a duration of 10 minutes, an event will be generated when an EC2 element’s CPU Utilization metric exceeds 90% for 10 consecutive minutes.
Event categories are user-assigned via the Policy Editor and associated with the severity of the event. Each event can be assigned one category. There are three color-coded categories that indicate the severity of the event.
|Info||Blue||The Info category indicates that a policy has been violated, but the anomalous behavior is not critical.|
|Warning||Yellow||The Warning category indicates that a policy has been violated, and there will likely be a more critical event in the future.|
|Critical||Red||The Critical category indicates that a policy has been violated, and the cause of the event should be addressed quickly.|
Assigning an Event Category
- Open Policy Editor.
- Underneath the Policy’s name, in the Category drop-down menu, select Info, Warning, or Critical.
- After completing the remaining fields in Policy Editor, click Save.
The following tools allow you to view and analyze events in the Metricly UI:
- Event Explorer: Event Explorer displays a comprehensive list of all the events in your environment. You can filter the list by the event category, source (Metricly or External), element, element type, and/or tag of the element(s) to which an event is associated. You can also filter events within a specific time frame. For more information about Event Explorer, see below.
- Metrics page: Metrics page displays the events and metric data for a specified element. The amount of data displayed can be limited by selecting a time frame setting and by showing or hiding metric charts. For more information about Metrics page, see Metrics page.
Event Explorer allows you to view, search, and analyze events.
- Search: Contains several filters where you can search for Event (i.e. the policy that created the event), event category, source (Metricly or External), element, element type, Element tag, and/or Event tag. Expand the More filter to see additional filters; select a filter to add it to the list of active filters. For more information on creating event tags, see the external events section below.
- Events list: The Events list lists events by the date and time they occurred, the name of the policy that generated the event, the event category, the source of the event (Metricly or External), the name of the element(s) to which they are associated, and the type of the element(s) to which they are associated. Click the name of the policy in the Event column to view the violating metrics on the Metrics page (source = Metricly) or the event message (source = External). Click the Element’s name to view the element’s Element Detail panel. You can also navigate to Policy Editor to edit the policy associated with the event by clicking the Event name (events from Metricly only).
- Events graph: The Events graph displays the events in your environment based on the Time Frame setting and other search filters. Click an event to have the option of viewing the violating metrics on the Metrics page or edit the policy the event is associated with.
- Time Frame: The Time Frame controls the range of data displayed. To refresh data, click the refresh button. Selecting “1w” in the Time Frame displays the most recent week of data and/or elements. By selecting “Ending Now,” you can specify a range of data beginning with a date other than today. For more information, see Time Frame.
- Click a Metricly-based event. A menu will display.
- Click View Violating Metrics.
The Metrics page opens with the metric chart displaying only the metrics that were referenced in the policy that generated the event.
Zooming in on the Events graph
- Click and drag across a region of the Events graph.
To reset the zoom on the Events graph, click Reset on the Events graph.
Metricly accepts events generated from external sources. These events can be viewed on the events timeline and can be defined by their level (info, warning, critical). External incidents are a great example of a critical level external event. They are considered open when the first event is received and closed after no sequential event is received within a set duration.
To create an external event policy:
- Navigate to an existing policy or create a new one via Alerts > + Add New Policy
- Navigate to the second tab, Conditions.
- Click + Add Condition > Add External Event Condition.
- Set a Close After duration (default is 5 minutes).
- Input the Message, Title, Source, and Level of your external event. Critical external events are incidents.
- Continue filling out the policy by defining scope, adding any necessary notifications, and a description.
- Save your policy.
The following documentation will help you send external events using one of our supported external sources:
Click an external event icon on the Events Graph to view more information about the event, including the event message, the event ID, and any tags (key-value pairs).