This message was deleted.

@Mariano Mirabelli thanks for the detailed explanation of the issue. @Amol Umbark please give it a look when you get some time.

Hi @Mariano Mirabelli Thanks a detailed post on this issue. I am trying to reproduce the error. Will get back to you soon

Hi, @Amol Umbark thanks for your help. If I can be helpful with something else, just let me know about it.

hi @Mariano Mirabelli When an alert threshold is set (e.g. 5), we append the condition to promql expression. So the above promql expression would become

max(sum(rate(signoz_calls_total{service_name="ktor-test", operation=~`HTTP GET|HTTP POST`, status_code="STATUS_CODE_ERROR"}[5m]) OR rate(signoz_calls_total{service_name="ktor-test", operation=~`HTTP GET|HTTP POST`, http_status_code=~"5.."}[5m]))*100/sum(rate(signoz_calls_total{service_name="ktor-test", operation=~`HTTP GET|HTTP POST`}[5m]))) < 1000 OR vector(0) > 5

I think this is where there might be an expectation mis-match. can you please modify your expression to below and retry. Here I have just added brackets around the expression.

(max(sum(rate(signoz_calls_total{service_name="ktor-test", operation=~`HTTP GET|HTTP POST`, status_code="STATUS_CODE_ERROR"}[5m]) OR rate(signoz_calls_total{service_name="ktor-test", operation=~`HTTP GET|HTTP POST`, http_status_code=~"5.."}[5m]))*100/sum(rate(signoz_calls_total{service_name="ktor-test", operation=~`HTTP GET|HTTP POST`}[5m]))) < 1000 OR vector(0))

Hi @Amol Umbark, it has worked! Thanks for your help! To better understand: Does the problem arise because without brackets the precedence of the operators is not respected?

yeah. Promql engine reacts to it differently. we will update the alerting engine to handle this internally so users won't have to. I have also added detailed explanation on alerting in this issue. Do take a look if you want to know what goes on under the hood. https://github.com/SigNoz/signoz/issues/1696

Great! Thanks for the detailed explanation and for helping me!