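Put simply, the spike rule compares the event counts of two adjacent time windows and raises an alert when the two counts satisfy certain conditions.
The official documentation and the various forum posts explain this rule rather vaguely and do not agree with one another, so reading the Python source is the best way to see how its alert matching actually works.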
    def find_matches(self, ref, cur):
        """ Determines if an event spike or dip happening. """
        # Apply threshold limits
        if self.field_value is None:
            if (cur < self.rules.get('threshold_cur', 0) or
                    ref < self.rules.get('threshold_ref', 0)):
                return False
        elif ref is None or ref == 0 or cur is None or cur == 0:
            return False

        spike_up, spike_down = False, False
        if cur <= ref / self.rules['spike_height']:
            spike_down = True
        if cur >= ref * self.rules['spike_height']:
            spike_up = True

        if (self.rules['spike_type'] in ['both', 'up'] and spike_up) or \
           (self.rules['spike_type'] in ['both', 'down'] and spike_down):
            return True
        return False
The code above is the most critical part of the spike rule's source: it is the core of how the rule evaluates cur against ref.
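
The following is an added example, not code from the original page or from the project: a standalone copy of the decision in `find_matches`, run over constructed (ref, cur) window counts to show where the boundaries fall and what the two thresholds change. The names `spike_match`, `evaluate`, `CASES`, `LOOSE` and `TUNED` and all sample values are assumptions made for illustration.

```python
def spike_match(ref, cur, rules, field_value=None):
    """Hypothetical standalone copy of the find_matches decision shown above."""
    if field_value is None:
        # Thresholds default to 0, so with plain counts they filter nothing unless set.
        if cur < rules.get('threshold_cur', 0) or ref < rules.get('threshold_ref', 0):
            return False
    elif ref is None or ref == 0 or cur is None or cur == 0:
        return False
    height = rules['spike_height']
    spike_down = cur <= ref / height   # boundary is inclusive
    spike_up = cur >= ref * height     # boundary is inclusive
    kind = rules['spike_type']
    return (kind in ('both', 'up') and spike_up) or \
           (kind in ('both', 'down') and spike_down)


def evaluate(cases, rules):
    """Return the match decision for each (ref, cur) pair."""
    return [spike_match(ref, cur, rules) for ref, cur in cases]


# Constructed sample: (ref, cur) event counts for two adjacent windows.
CASES = [
    (100, 299),  # just under 3x: no match
    (100, 300),  # exactly 3x: matches 'up'
    (100, 34),   # just above ref/3: no match
    (100, 33),   # below ref/3: matches 'down'
    (0, 1),      # empty reference window: 1 >= 0 * 3, so 'up' matches
    (0, 0),      # both empty: 0 >= 0 and 0 <= 0, both directions match
    (2, 6),      # tiny counts still reach 3x
    (100, 5),    # sharp dip
]

# Constructed rule settings: same height and type, with and without thresholds.
LOOSE = {'spike_height': 3, 'spike_type': 'both'}
TUNED = {'spike_height': 3, 'spike_type': 'both',
         'threshold_ref': 10, 'threshold_cur': 20}

if __name__ == '__main__':
    for (ref, cur), loose, tuned in zip(CASES, evaluate(CASES, LOOSE),
                                        evaluate(CASES, TUNED)):
        print(f'ref={ref:<4} cur={cur:<4} loose={loose!s:<6} tuned={tuned}')
```

With the thresholds set, the low-volume matches disappear, but so does the dip from 100 to 5: `threshold_cur` is checked before the direction, so it also suppresses 'down' matches whose current count falls below it.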