Conditions
Some requests and system elements require you to define logical operations. For example State Conditions requires you to define a condition that will trigger a state change.
SAYMON has multiple ways to define those conditions.
Simple condition
Simple operation is a single logical operation. It describes what operator should be used to compare a metric value to the constant.
"operation": "constant"Simple operations are often wrapped in a JSON object:
"metric_name":{
"operator": "constant"
}Supported operators
| Field | Description |
|---|---|
_ct |
Contains |
_eq |
Equal to |
_gt |
Greater than |
_gte |
Greater than or equal to |
_lt |
Less than |
_lte |
Less than or equal to |
_m |
Matches with. Can be used with regular expression |
_nct |
Not contains |
_neq |
Not equal to |
_exists |
Exists |
Example
This example shows a simple condition returned by the Get Link’s State Conditions request. If the roundTripAverage stat is greater than 16, link’s state will change to Working.
[
{
"condition": {
"roundTripAverage": {
"_gt": "16"
}
},
"state": 3,
"description": ""
}
]Complex condition
Complex conditions allow you to evaluate operations more complex than a single logical operations.
Condition Keys
| Key | Description |
|---|---|
_duration |
How long the condition must be satisfied continuously to evaluate as |
_ratio |
Calculates the ratio out of |
_field |
Evaluates the value of a field with a simple expression. |
_formula |
Evaluates a condition with a formula. See SAYMON Wiki for a formula syntax. |
_and |
Combines multiple expressions. |
_splash |
Splash detecting condition. See SAYMON Wiki for more info. |
_predict |
Analytics prediction condition. See SAYMON Wiki for more info. |
_period |
Time period condition. |
Examples
Ratio condition:
_ratio:{
num: "averageCpuLoad.oneMinuteAverageLoad",
denom: "cpuInformation.totalCores",
value: ">0.8" // This condition will return true if oneMinuteAverageLoad/totalCores > 0.8
}Field condition
_field: {
name: 'trapOid',
value: {
_eq: '.1.3.6.1.2.1.1.2.48324.3'
}
}Logical and condition:
_and: [
expression1,
expression2,
...,
expressionN
]Formula condition:
_formula: {
definition: '{{x}} / {{y}}',
value: {
_lte: 0
}
}Period condition:
_period: {
tz: "Europe/Berlin",
startDay: -1,
startTime: 57600, // 17:00 Berlin time
stopDay: -1,
stopTime: 64800 // 19:00 Berlin time
}Analytics conditions:
| Note that by default, the analytics module used to determine splashes and predictions isn’t included in the SAYMON images. To see the information on how to install it, see the SAYMON User Documentation. |
Splash condition:
"_splash": {
"metric": "averageCpuLoad.oneMinuteAverageLoad",
"value": {
"_gt": "1"
},
}Predict condition:
"_predict": {
"metric": "MEM.bytesAvailable",
"value": {
"_lt": "200000000"
},
"history": "1d-ago",
"period": "10"
}Incident filter
Incident filter has a special condition format that’s represented as an array. See Incident Filters article for more information.
{
"filter": [
[
// filter
]
],
...
}You can also use logical operations $and and $or to combine the filters:
body = {
"filter": [
[
"$and",
[
[
"$or",
[
[
// filter
],
[
// filter
]
]
],
[
// filter
],
[
// filter
]
]
]
],
...
}Examples
This is an example of using a simple property filter. It will return incidents whose Address property is equal to 192.168.1.1.
body = {
"filter": [
[
"property",
{
"value": "192.168.1.1",
"property": "Address",
"op": "_eq"
}
]
],
...
}You can also use logical operations $and and $or to combine the filters. This example shows incidents that either have Alarm severity or Info class (ID 24) and happened in the time period specified in the timestamp.
body = {
"filter": [
[
"$and",
[
[
"$or",
[
[
"classId",
"24"
],
[
"severity",
[
1
]
]
]
],
[
"timestamp",
{
"from": 1590068678404,
"to": 1590155078405
}
]
]
]
]
...
}