Can we use filters in Checks instead of handlers?

Please guide me. Lets I create a filter which work on bases of occurences. If occurence of an event in 1 or more than 1 for 10 minutes or (10 executions) then it should consider it WARNING, CRITICAL or OK accordingly.

Can I use this filter in check definition instead of handler?

Hi there. No, this is not possible as it’s part of the check specification. Filters are only ever able to be applied on a handler. Is there a particular reason you’d want event data filtered at the check level?

Thanks for your reply. Yes. Lets consider a check with following params.

{
name: check1
command: check-queuejobs.rb -w 300 -c 500
Duration : 300s
Interval: 60s
}

I want this check to run 5 times in 300s. It should decide finally after 300s.
If <=300 even once out of 5, OK
if 300<jobs<500 in all 5 executions, or >500 in 4 execution, WARNING
if jobs > 500 in all 5 executions, CRITICAL

I was trying to handle this situation by using filters.

Hi @masifpak,

I guess what I’m trying to get at is why would you need a filter applied on a check? What’s your use case for needing this? Is this a desire to not have the check show up in the dashboard?

In your other post, I provided a link to our docs where you can set up the exact sort of filters you’re looking for: How can we get check output and decision on the bases of a time period (like 10 minutes)?. Please look over https://docs.sensu.io/sensu-go/latest/guides/reduce-alert-fatigue/ and see if that covers what you need. In particular, https://docs.sensu.io/sensu-go/5.14/guides/reduce-alert-fatigue/#annotating-a-check-for-filter-asset-use should provide a useful example for you.

I got through this link. This is reducing alerts on mails, sms and on-calls on pagerduty, opsgenie etc. My intension is to reduce alerts on sensugo dashboard. There are some flexible cases like jobs in rabbitmq can spike but should not sustain that spike for longer. If this spike is usual then it is more required.

I think there’s a misunderstanding of what the dashboard does and how it’s best used @masifpak. The dashboard displays what’s in the backend and is useful for at-a-glance views of what’s going on with your entities and checks. If you’re using the dashboard to be your primary means of alerting you, I’d suggest not relying on it. Our intent was never for that dashboard to be used as an alerting mechanism. Other services (pagerduty, email, texts) do this much better. Using a dashboard like Grafana would give you much more flexible dashboarding capabilities and would be better tool for providing your operators with exactly what they need.

Thanks for being so helpful. By adding this feature we can make sensugo dashboard more useful.