Monitor STJ file format
StackState Self-hosted v5.1.x
Last updated
StackState v5.1
StackState Self-hosted v5.1.x
Last updated
Monitors can be attached to any number of elements in the StackState topology to calculate a health state based on 4T data. Each monitor consists of a monitor definition and a monitor function. Monitors are created and managed by StackPacks, you can also create custom monitors and monitor functions outside of a StackPack without having to modify any configuration.
Monitors in StackState are represented textually using the . The following snippet presents an example monitor file:
In addition to the usual elements of an STJ file, the protocol version and timestamp, the snippet defines a single node of type Monitor.
The supported fields are:
name - a human-readable name that shortly describes the operating principle of the monitor.
description - a longer, more in-depth description of the monitor.
remediationHint - a short, markdown-enabled hint displayed whenever the validation rule represented by this monitor triggers and results in an unhealthy state.
status - either ENABLED|DISABLED. Dictates if the monitor will be running and producing health states. Optional. If not specified, the previous status will be used (DISABLED for newly created monitors).
tags - tags associated to the monitor.
An important field of the monitor node is the identifier - it's a unique value of the StackState URN format that can be used together with the monitor-specific StackState CLI commands. The identifier should be formatted as follows:
urn : <prefix> : monitor : <unique-monitor-identification>
The <unique-monitor-identification> is user-definable and free-form.
Each monitor configured in StackState uses a monitor function to compute the health state results that are attached to the elements.
Monitor functions are scripts that accept 4T data as input, check the data based on some internal logic and output health state mappings for the affected topology elements. The function is run periodically by the monitor runner (at the configured intervalSeconds). The monitor function is responsible for detecting any changes in the data that can be considered to change an element's health state.
You can list the available monitor functions using the CLI command:
From StackState v5.0, the old sts CLI has been renamed to stac and there is a new sts CLI. The command(s) provided here are for use with the new sts CLI.
The parameter binding syntax is common for all parameter types, and utilizes the following format:
_type - The type of the parameter.
parameter - A reference to the concrete instance of a parameter within a function's parameter list. The Name must match the name specified in the monitor function.
value - the value of the parameter to pass to the monitor function.
During an invocation of a monitor function, the parameter value is interpreted and instantiated beforehand with all of the requisite validations applied to it. Assuming it passes type and value validations, it will become available in the body of the function as a global value of the same name, with the assigned value.
Descriptions of parameters that are commonly used by monitor functions can be found below:
The most common and simple monitor function parameter types are numeric values.
To supply a value to the value parameter defined in the monitor function, the monitor STJ definition would look something like the following:
To supply a value to the topologyQuery parameter defined in the monitor function, the monitor STJ definition would look something like the following:
Monitor functions that utilize telemetry tend to be parameterized with the exact telemetry query to use for their computation. The telemetry query should be built using the StackState Telemetry Script API. The following fields are particularly useful in telemetry queries that are passed to monitor functions:
groupBy(fields) - when a monitor will produce a health state for multiple components, use the groupBy field to produce multiple time series as a set of unique values for the defined fields.
aggregation(type, interval) - aggregates each time series by the defined type. Each aggregated value is constructed out of a data span the size of the defined interval.
To supply a value to the telemetryQuery parameter defined in the monitor function, the monitor STJ definition would look something like the following. Note that the provided value must utilize the StackState Telemetry Script API and evaluate to a telemetry query, otherwise it won't pass the argument validation that is performed before the function execution begins.
Monitor functions that don't process any topology directly still have to produce results that attach to topology elements by way of matching the topology identifier that can be found on those elements. In those cases, one can expect a function declaration to include a special parameter that represents the pattern of a topology identifier.
The topologyIdentifierPattern value supplied to the monitor function should result in a valid topology identifier once processed by the function logic. It therefore likely needs to include various escape sequences of values that will be interpolated into the resulting value by the monitor function:
The telemetry query above groups its results by two fields: host and region. Both of these values will be available for value interpolation of an exact topology identifier to use, and each different host and region pair can be used either individually or together to form a unique topology identifier. If the common topology identifier scheme utilized by the topology looks as follows, then the different parts of the identifier can be replaced by references to host or region:
A monitor with an ENABLED status will be automatically executed and its results will be persisted. A DISABLED monitor is still available for a dry-run to inspect its results and execution (helpful for debugging a monitor). When a monitor is initially created it will start with a DISABLED status, unless the status field is present in the payload. When a monitor is updated, it will keep its own status, unless the status is specified. If the status field is included in the payload, the monitor will assume the specified status.
The monitor run interval determines how often a monitor logic will be executed. This is configured in the monitor STJ file as a number of seconds using the intervalSeconds field. For example, an intervalSeconds: 60 configuration means that StackState will attempt to execute the monitor function associated with the monitor every 60 seconds. If the monitor function execution takes significant time, the next scheduled run will occur 60 seconds after the previous run finishes.
A monitor STJ file and an STJ monitor function definition contain the following script and queries:
The property script of type ScriptFunctionBody in the monitor function definition provides a groovy script that is run by the monitor function.
For example:
Obtains something like the following:
Here the ArgumentScriptMetricQueryVal script (query) is readable and more easily editable in a YAML representation of the monitor.
After the script, or any other field, has been edited in the YAML representation, you can go back to the STJ representation using:
identifier - a StackState-URN-formatted value that uniquely identifies this monitor definition. For more details see .
function - the specific monitor function to use as the basis of computation for this monitor. For more details see .
arguments - lists concrete values that are to be used for parameters in the monitor function invocation. For more details and descriptions of commonly used parameters, see .
intervalSeconds - dictates how often to execute this particular monitor; new executions are scheduled after the specified number of seconds, counting from the time that the last execution ended. For more details see .
The <prefix> is described in more detail in .
➡️
You can to customize how StackState processes 4T data.
The arguments defined in the monitor STJ definition should match the parameters defined in the monitor function STJ definition. See below for examples of .
- a simple numeric value.
- a query to return a subset of the topology.
- a query that returns the telemetry to be passed to the monitor function.
- the pattern of the topology element identifiers to which the monitor function should assign calculated health states.
Monitor functions that utilize Topology often times take a Topology Query as a parameter. An external tool can be used to allow you to easily .
➡️
The exact value to use for this parameter depends on the topology available in StackState (or more precisely on its identifier scheme), and on the values supplied by the monitor function for interpolation (or more precisely the type of data processed by the function). In the most common case, a topology identifier pattern parameter is used in conjunction with a - in this case, the fields used for the telemetry query grouping (listed in its .groupBy() step) will also be available for the interpolation of topology identifier values. For example, consider the following query:
in the monitor STJ file define a telemetry query to be used by the monitor function.
For details of the script property, see the page .
It can be challenging to add scripts and queries to the STJ format. An external tool, such as , can be used to get a more friendly formatting of the script or query to work with and update as required.
Update a query defined in ArgumentScriptMetricQueryVal for a monitor using the external tool to get a more friendly formatting:
Update a monitor function using the external tool to get a more friendly formatting:
This uses the example monitor function shown on the page