Create, edit, delete, enable, and disable policies with the Policy Editor. You can also use Policy Editor to enable and disable notifications.

Open the Policy Editor

  1. Navigate to Alerts > Add New Policy.
  2. Begin crafting your policy at Step 1: Scope.

You can also open an existing policy and click Edit Policy.  Policies that correspond to inactive datasources cannot be edited.

Edit Details

The top of your policy has 3 important fields:

  • Name: Make this human readable, something your team would understand months or years down the road.
  • Enable Policy: Policies are automatically enabled upon creation. To complete an unfinished policy at a later time, uncheck this field and save.
  • Category: Info, Warning, or Critical.

Choose Scope

The scope of a policy defines which element(s) get assigned to that policy. A policy can use a combination of criterion to narrow its selection; for example, all elements tagged with region-east + EC2 as a type.

Scope Methods

When using multiple fields, an element must meet each criterion to be included in the policy’s scope.


Name Contains or Name Excludes
  • Input a string of characters into the Name Contains or Name Excludes field. The policy then includes (or excludes) all elements matching the input
  • Name Excludes is located under More > Name Excludes

Element or Exclude Element
  • Search a drop-down list of all of your elements and check each to include (or exclude) all selections
  • Input a string of characters to search

Type, Attribute, Tag, & More
  • Search a drop-down list of all each category and check all objects that apply to include them in the policy
  • Input a string of characters to search

Duration

Duration is the consecutive length of time for which all the conditions in a policy must be met before an event or other optional notification is created. The default setting for metric condition duration is 5 minutes; the default (and only) setting for external event condition duration is real-time. Because Metricly aggregates data on five-minute cycles, the duration for metric conditions must be at least 5 minutes.

 For example, by setting the duration of Policy X to 10 minutes, an event will not be created in Metricly until all the conditions in Policy X have been met for the same period of 10 consecutive minutes.

Setting Duration

On Policy Editor, under the 2.Conditions section:

  • Metric Conditions: Select between 5 minutes and 6 hours.
  • External Event Conditions: Real-time is the only available option.

Create Conditions

When you are creating conditions, the Policy Editor counts the number of metrics that apply to the conditions you have set. To view those metrics, click on the link. This link opens the list of matching metrics in a new tab.

Blank
Create a Metric Condition
  1. Navigate to Alerts > New Policy > Conditions > Add Condition > Add Metric Condition.
    • To edit an existing policy, Navigate to Alerts > Show All Policies > Click Policy Name > Edit Policy > Conditions > Add Metric Conditions.
  2. Select either the Single Metric or Regex radio button.
    • Single Metric: Choose a metric from the Metric drop-down menu. This is the metric to which the condition will apply.
    • Regex: Begin typing into the field. Stop typing when you’ve found the desired matching metrics. Each matching metric used by the policy is joined by an OR, meaning that only a single metric has to trigger the policy, not all of the matching metrics.
  3. Use the Metric Tags field to filter your condition (optional).
  4. Select the deviations you want to track.
  5. Click Save.

Adding Multiple Metric Conditions to a Policy?

Use the Match Conditions feature to toggle between enforcing all conditions listed or just any one condition. See below:

Use Regex to Match Metric Conditions

Regex uses all metrics that contain your input value. Typing aws.elb.httpcode.* would match both aws.elb.httpcode_backend_2xx, as well as netuitive.aws.elb.httpcodebackenderrorpercent.

  • Exclude computed metrics using a ^ before the start of a metric name.
  • Use Metric Tags to select a tag to further filter your condition.
  • We recommend testing any regular expressions that you create here.

Match String

Match the start and end of the string contained between ^ and $.

Tag Key: ^Metricly$

Tag Value: ^true$

  • Matches the key-value pair Metricly = true
Match Multiple Variables

Match multiple values separated by | between ( ).

Tag Key: ^Name$

Tag Value: (my-server-one|my-server-two|my-server-three)

  • Matches  any of the following key-value pairs:
    • Name = my-server-one
    • Name = my-server-two
    • Name = my-server-three
Match Wildcard

Match any character(s) using ., which acts as a wildcard.

Tag Key: ^Name$

Tag Value: .Prod-app-1

  • Matches any value (e.g., Name = myProd-app-1, Name = yourProd-app-1) as long as Prod-app-1 followed:
Escape Special Regex Characters

Escape special regex characters (e.g., ., *, /, etc.) using a .

Tag Key: ^Name$

Tag Value: my.server.one

  • Matches the key-value pair Name = my.server.one.

Note: For a list of special regex characters you may have to escape, consult this page.

Match Entire Directory

Match an entire website’s directory using .*

Qhttps://www.metricly.comE.*
  • Matches anything that comes after www.metricly.com
  • The Q and E  force the URL to be matched literally
Match Part of Directory

Make the URL more specific to match everything from a particular part of the directory.

 Qhttps://help.metricly.com/Content/Reports/E.*
Match Multiple Containers

Match multiple containers between ( ) and separated by |. The following would match any of the following container IDs and exclude them from collection: abcdef123456, 123456abcdef, ghijkl789012.

metrics_blacklist = containers. (abcdef123456|123456abcdef|ghijkl789012)..*

Filter Exclusions

Use a negative lookahead (?! ) to specify a group that cannot match after the main expression–if something matches, the result is discarded. The following would match anything but the _all, datastore, and docsindices and exclude them from collection.

metrics_blacklist = elasticsearch .indices.(?!_all$|datastore$|docs$)

Add Filter

Add another index to a negative lookahead by placing the index name between | and $.

(?!_all$|datastore$|docs$|myimportantindexname$)

Metric Condition Deviation Types


Baseline Deviation

Baseline Deviation test triggers an event and other optional notifications when the current value of a metric is above and/or below 4 standard deviations from its normal operating range. A Baseline Deviation test can also be used to trigger an event when the value of a metric is or is not deviating from its normal operating range. Metricly determines the normal operating range of a metric based on the history of the actual values for that metric. The different Baseline Deviation tests are described below:

  • Upper (Baseline) Deviation: The current value of a metric is greater than or equal to 4 standard deviations above its normal operating range.
  • Lower (Baseline) Deviation: The current value of a metric is greater than or equal to 4 standard deviations below its normal operating range.
  • Is Deviating: The current value of a metric is greater than or equal to 4 standard deviations above or below its normal operating range.
  • Is Not Deviating: The current value of a metric is not deviating.

Contextual Deviation

Contextual Deviation test can be used to indicate when the value of a metric is above and/or below 4 standard deviations from its expected value. A Contextual Deviation test can also be used to indicate when a metric is deviating when it should not be, or is not deviating when it should be. Metricly determines the expected value for a metric based on the actual values of other correlated metrics in the learned model. The different Contextual Deviation tests are described below:

  • Upper (Contextual) Deviation: The current value of a metric is greater than or equal to 4 standard deviations above its expected value.
  • Lower (Contextual) Deviation: The current value of a metric is greater than or equal to 4 standard deviations below its expected value.
  • Is Deviating: The current value of a metric is greater than or equal to 4 standard deviations above or below its expected value.
  • Is Not Deviating: The current value of a metric is not deviating.

Static Threshold

Static Threshold test is used to trigger an event and other optional actions when the value of a metric is more than, less than, equal to, or not equal to a specified level. The level for a Static Threshold test can be any real number; the unit of the level depends on the metric to which it is applied.

  • For example, you can use a Static Threshold test to execute an event when the current value for the metric “CPU Utilization” is greater than 95%.

Sudden Change Deviation

A Sudden Change deviation test is used to indicate the difference between expected change and unexpected change on a certain metric. This is achieved by using historical data to predict future data intervals. The historical data used to determine the future interval is a sliding window of one hour that contextualizes future intervals.

The  Analytics Engine uses the following steps to detect a sudden change:

    1. Collects the last N+1 observed PT5M values, including the most recent value
    2. Applies a regression model to the N PT5M average values before the current one
      • If the regression model is a good fit, then use it to forecast a projected value of the metric.
    3. Compares the projected regression-model value with the actual observed value
      • This step determines whether the observed value is within the projected configurable range of confidence.
    4. If observed value is within expected range, returns a result of NO CHANGE
    5. If observed value is not within expected range, compute percent change

Percent change = |(observed value - projected value)| / |projected value|


Metric Threshold

Metric thresholds are unchanging levels that are compared against another metric’s current value. A Metric Threshold test can be used to indicate when the value of the specified metric is more than, less than, equal to, or not equal to another metric.


External Event Condition

External Event conditions for policies are typically used in conjunction with Webhook integrations. See the Webhook integration setup or Webhook API documentation for more information.

  1. Open Policy Editor.
  2. Click Conditions.
  3. Click Add Condition, then select Add External Event Condition.Type into the fields to create a proper filter:
    • Message Contains: A regex statement that attempts to match a word or phrase in the event message.
    • Title Contains: A regex statement that attempts to match a word or phrase in the event’s title.
    • Source Contains: A regex statement that attempts to match a word or phrase in the event’s source.
    • Level: What level of event should trigger this condition (Info, Warning, Critical).
  4. After completing the remaining fields in Policy Editor, click Save.

Creating & Editing a policy

Creating a new policy involves specifying the policy’s conditions, scope, duration, and notifications.

  1. Click New Policy or open an existing policy.
  2. In Policy Editor, complete the fields described in the table below:
    You can delete all events created by this policy in the Event Explorer by clicking Delete Events.
    Field/Section Description
    Name Type a name for the policy.
    Enable Policy Select or clear the Enabled box to enable or disable the policy.
    Category Categories are associated with the severity of the event generated by a policy. Each policy can be assigned one category. There are three color-coded categories that indicate the severity of the event. Select Info, Warning, or Critical.The table below describes each event category, listed in ascending severity.

    Category Color Description
    Info Blue The Info category indicates that a policy has been violated, but the anomalous behavior is not critical.
    Warning Yellow The Warning category indicates that a policy has been violated, and there will likely be a more critical event in the future.
    Critical Red The Critical category indicates that a policy has been violated, and the cause of the event should be addressed quickly.
    Scope Section
    Name Contains To apply a policy to one or more elements, type a string of characters into the field or select an element(s).

    For more information, see Scope.

    Name Excludes To exclude elements from a policy, type a string of characters into the field or select an element(s).
    Element Type Begin typing and/or select an element type (or types) associated with the desired element(s).
    Element Tag To apply a policy to one or more elements, begin typing and/or select a tag associated with the desired element(s). You can select multiple tags.
    You can select as many element types or tags as desired. You can also select as many elements as desired in the Name Contains and Name Excludes fields if you have the Select Elementsradio button selected.
    Conditions Section
    Duration is the consecutive length of time for which all the conditions in a policy must be met before an event or other notifications are created. Because Metricly analyzes raw data on five minutes cycles, the default duration time for metric conditions is five minutes. External Event condition durations are always evaluated in real time.

    For more information about duration, see Duration.

    Conditions are used to define the metric behavior or message content a policy monitors. Two types of conditions are available: Metric and External Event. Metric conditions allow you check metric performance against a static number, other metrics, and baseline / contextual statistics. External Event conditions allow you to check the contents of an event from an external source for a phrase or string of words. For more information about conditions as well as how to set them up, see Conditions.

    You can only have one type (Metric or External Event) of condition used for a policy, but you can have as many conditions set up as you want.
    Notifications Section Notifications: For more information on how to set up notifications, see Notifications.
    Description Section Type a description of the Policy.
  3. Click Save

Deleting a Policy

  1. On the Policies page, select the desired policy.
  2. In Policy Editor, click Delete.

Enabling/disabling a policy

  1. On the Policies page, select the desired policy.
  2. In Policy Editor, select or deselect the Enable Policy checkbox.
    You can also enable or disable policies directly from the List and Card Policy view options.
capterra

Join other DevOps who love Metricly!

Sign up for a free, fully featured, 21-day trial. No credit card required!