I want to use the baselinedev function to make an anomaly detection trigger for the amount of traffic.
I tested the formula below and it worked, but it is not able to detect anomalies quickly.
baselinedev(/host/key,1h:now/h,"d",3)>1
Since the formula rounds the current time to the hour, if the trigger is executed at 2:00, it evaluates the data of 1:00-2:00.
On the other hand, if the trigger is executed at 2:59, it still evaluates the data of 1:00-2:00.
Therefore, if the anomaly happens at 2:30, it would take 30 minutes for admins to notice, as only the trigger executed at 3:00 can detect this anomaly.
So, I made the formula below, but Zabbix said the second parameter is not valid.
baselinedev(/host/key,30m:now/m,"d",3)>1
Can the time shift parameters of "minutes" not be used for the baselinedev function? If so, how can I make an anomaly detection trigger with a certain quickness?
I would appreciate any comment. Thank you.