Status Message

Introduction to the Status Message

The TrackMe status message is a human-readable status that describes the reasons why TrackMe defined the entity status. It is the fastest and easiest way for an analyst to understand the reasons behind the status of a TrackMe entity. TrackMe entities can have the following statuses:

  • Green: The entity is considered to be in a healthy state.

  • Red: The entity is considered to be in a non-healthy state.

  • Orange: This is an intermediate status, indicating a condition such as the detection of data in the future.

  • Blue: The entity is in a non-healthy state but is a member of a logical group that fulfills the monitoring conditions.

The status is influenced by different factors, such as Key Performance Indicators and additional features such as the Machine Learning Outliers detection.

Factors Influencing the Status

The factors that influence the status differ depending on the type of TrackMe component.

For instance, with the splk-dsm TrackMe component (which stands for Data Source Monitoring), the essential factors can be:

  • If the entity is suffering from latency at ingestion (the maximal acceptable latency threshold for this entity was breached)

  • If the entity is suffering from delay (the data flow is interrupted according to the entity threshold)

  • If quality anomalies were found by the Data Sampling TrackMe feature (event format recognition)

  • If outliers were detected by the Machine Learning engine

And more.

The “status_message” field is a readable translation of the machine status for that entity, adding context to easily and quickly understand the reasons behind the status.

Availability of the Status Message

The status message is made available in different parts of TrackMe, such as:

  • A graphical object in the user interface for the analyst to review

  • As part of a notable event created by a TrackMe alert

  • As part of the alert results themselves

  • Stored in the main KVstore of the TrackMe Virtual Tenant and component, in the status_message field

Reviewing the Status Message

The status message of an entity is easily accessible from the tab called “Status message” in the entity main screen. The message content is associated with the color code of the entity state, such as red, green, etc.

Examples of Status Messages

Here are some examples of status messages:

  • Green:

Good: entity status is green, latest data available is 31 Mar 2023 16:58 (479 seconds from now), and monitoring conditions are met.

  • Red:

Alert: entity status is red, monitoring conditions are not met due to lagging or interruption in the data flow, latest data available is 31 Mar 2023 16:56 (631 seconds from now) and ingestion latency is approximately 4 seconds, max lag configured is 600 seconds.
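When the status message reaches an analyst through a notable event or alert result, the figures inside it can be pulled out for triage. The following is an added example, not TrackMe code: it assumes the wording of the two sample messages above is representative, and the function name, the output keys and the comparison of delay against max lag are this example's own.

```python
import re

# Constructed input: the two sample messages shown on this page.
SAMPLES = [
    "Good: entity status is green, latest data available is 31 Mar 2023 16:58 "
    "(479 seconds from now), and monitoring conditions are met.",
    "Alert: entity status is red, monitoring conditions are not met due to lagging "
    "or interruption in the data flow, latest data available is 31 Mar 2023 16:56 "
    "(631 seconds from now) and ingestion latency is approximately 4 seconds, "
    "max lag configured is 600 seconds.",
]

# One pattern per figure the sample messages carry (names are hypothetical).
PATTERNS = {
    "state": re.compile(r"entity status is (\w+)"),
    "latest_data": re.compile(
        r"latest data available is (\d{1,2} \w{3} \d{4} \d{2}:\d{2})"),
    "delay_sec": re.compile(r"\((\d+) seconds from now\)"),
    "latency_sec": re.compile(r"ingestion latency is approximately (\d+) seconds"),
    "max_lag_sec": re.compile(r"max lag configured is (\d+) seconds"),
}
NUMERIC = ("delay_sec", "latency_sec", "max_lag_sec")


def parse_status_message(msg):
    """Extract the fields present in msg; anything not stated is None."""
    out = {}
    for name, rx in PATTERNS.items():
        m = rx.search(msg)
        out[name] = m.group(1) if m else None
    for key in NUMERIC:
        if out[key] is not None:
            out[key] = int(out[key])
    # Assumption of this example: the delay is compared with the max lag
    # figure. The result stays None when the message omits either number.
    if out["delay_sec"] is not None and out["max_lag_sec"] is not None:
        out["delay_over_max_lag"] = out["delay_sec"] > out["max_lag_sec"]
    else:
        out["delay_over_max_lag"] = None
    return out


if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_status_message(sample))
```

A message that matches none of the patterns comes back with every field set to None, so a changed wording shows up as missing data instead of a wrong value.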

The TrackMe status message is an essential feature for quickly understanding the reasons behind an entity’s status, making it easier to determine what needs to be addressed to monitor and track data availability and quality effectively.