// conntrack_alert

// metric: {ip_conntrack_count,ip_conntrack_max}

// TELEGRAF CONFIGURATION
// [[inputs.conntrack]]
//  files = ["ip_conntrack_count","ip_conntrack_max",
//            "nf_conntrack_count","nf_conntrack_max"]
//  dirs = ["/proc/sys/net/ipv4/netfilter","/proc/sys/net/netfilter"]

// DEFINE: kapacitor define conntrack_alert_batch -type batch -tick conntrack_alert_batch.tick -dbrp telegraf.autogen
// ENABLE: kapacitor enable conntrack_alert_batch

// Parameters
var info = 69
var warn = 79
var crit = 89
var period = 10s
var every = 10s

// Dataframe
var data = batch
  |query('''select (mean(ip_conntrack_count)/mean(ip_conntrack_max))*100 as stat from "telegraf"."autogen".conntrack''')
    .period(period)
    .every(every)
    .groupBy('host')

// Thresholds
var alert = data
  |alert()
    .id('{{ index .Tags "host"}}/connection_used')
    .message('{{ .ID }}:{{ index .Fields "stat" }}')
    .info(lambda: "stat" > info)
    .warn(lambda: "stat" > warn)
    .crit(lambda: "stat" > crit)

// Alert
alert
  .log('/tmp/conntrack_alert_log.txt')