I want notifications to be selected depending on tags. So I am using lookup.
notification default {
email = mailid-1
next = default
timeout = 1m
}
notification nondefault {
email = mailid-2
next = nondefault
timeout = 1m
}
lookup notif {
entry some_tag=value {
mail = nondefault
}
entry some_tag=* {
mail = default
}
}
And in alert I am giving
critNotification = lookup("notif", "email")
My question is it possible to use multiple tags in
lookup(I am using some_tag=value) ?
eg. something like
lookup notif {
entry some_tag=value,some_other_tag=value {
mail = nondefault
}
entry some_tag=* {
mail = default
}
}
Yes, there is an example in the documentation (kind of hard to find):
lookup cpu {
entry host=web-*,dc=eu {
high = 0.5
}
entry host=sql-*,dc=us {
high = 0.8
}
entry host=*,dc=us {
high = 0.3
}
entry host=*,dc=* {
high = 0.4
}
}
alert cpu {
crit = avg(q("avg:rate:os.cpu{host=*,dc=*}", "5m", "")) > lookup("cpu", "high")
}