Unable to trigger log based alert when count() threshold is 0 #9447
Description
Bug description
Not sure if this is a bug or expected behaviour, but I'd like to trigger an alert when Signoz detects more than one log with severity_text = 'Error' within the aggregated time frame.
The problem is that the query never goes back down to 0, it seems it only counts if there are any logs to count. It never counts 0 logs.
Expected behavior
I would like it to report 0 if there are no logs in that specific time frame. Now we just get nothing until the next data point (where logs are > 0)- and it seems to extrapolate the last value until the next data point.
Say you have 6 hours of observation:
| HOUR | 12 | 13 | 14 | 15 | 16 | 17 | 18 |
|---|---|---|---|---|---|---|---|
| ACTUAL ERROR LOGS | 0 | 1 | 0 | 0 | 2 | 0 | 0 |
| COUNTED ERR. LOGS | NA | 1 | NA | NA | 2 | NA | NA |
| Graph ERROR LOGS | NA | 1 | 1.33 | 1.66 | 2 | NA | NA |
As you see in the table, Siznos' Querybuilder count() never goes back down to 0.
Hope this makes my problem clear.
I probably just do not understand how to configure the alert properly, so any help would be appreciated.
How to reproduce
This is the alert config:
You can see on the graph that the green line never goes down to 0, it stays at the last value even though there are no logs and the count should be 0.
Version information
- Signoz version: v0.97.1
- Browser version: Does not work in any browser?
- Your OS and version: Linux
- Your CPU Architecture(ARM/Intel): x86