Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Processor: State

The State processor checks that a value is one of the specified anomalous states. It outputs DSS with anomaly values, such as 'true' if the value is in the specified states, and otherwise, it returns 'false'. (previously called 'state_check' and 'in_state'). The State processor supports multiple reference states and output is 'true' when input is in any of the specified states.

Parameter Description
Input Types Table( discrete state, accumulate=True or False)
Output Types Table (discrete state)
Graph Query (graph_query)

One or more queries on graph specified as strings, or a list of such queries. (String will be deprecated in a future release.) Multiple queries should provide all the named nodes referenced by the expression fields (including additional_properties). Graph query is executed on the "operation" graph. Results of the queries can be accessed using the "query_result" variable with the appropriate index. For example, if querying property set nodes under name "ps", the result will be available as "query_result[0]["ps"]".

In collector processors (*_collector, if_counter) it is used to choose a set of nodes for further processing (for example, all leaf devices, or all interfaces between leaf and spine devices)

In other processors it is used for general parameterization and it is only supported as a list of queries.

graph_query: "node("system", role="leaf", name="system").
              out("hosted_interfaces").
              node("interface", name="iface").out("link").
              node("link", role="spine_leaf")"
graph_query: ["node("system", role="leaf", name="system")",
              "node("system", role="spine", name="system")"]

Non-collector processors containing the graph_query configuration parameter, can be parameterized to use data from arbitrary nodes in the graph, such as property set nodes. Property sets allow you to parameterize macro level SLAs for individual business units. In the example below, graph_query matches a node of type property_set with label probe_propset. It's accessed using the special query_result variable, where Index 0 means it's the first node in query results. If a query returned N nodes, they could be accessed using indices starting from 0 to N-1. ps is what the actual node is referred to in the query; the rest depends on the structure of the node. The int() casting is required because values of property_set nodes are strings. Here it's assumed that a property set node has the label probe_propset and that the value accumulate_duration was already created.

graph_query: [node("property_set", label="probe_propset", name="ps")]
duration: int(query_result[0]["ps"].values["accumulate_duration"])

Another example is a that probes can validate a compliance requirement; the compliance value may change over time and/or it can be used by more than one probe. Also, a probe can validate NOS versions on devices. In this case, property sets can be used to define the current NOS version requirement. If it changes tomorrow: change the property set value, instead of going under the probe stage.

Anomalous States Expression that evaluates to DS value or list of DS values which is used for the check. For example, it can be: "'true'" (expression evaluating to a string) or "['missing', 'unknown', 'down']" (expression evaluating to a list of strings).
Anomaly MetricLog Retention Duration Retain anomaly metric data in MetricDb for specified duration in seconds
Anomaly MetricLog Retention Size Maximum allowed size, in bytes of anomaly metric data to store in MetricDB
Anomaly Metric Logging Enable metric logging for anomalies
Enable Streaming (enable_streaming) Makes samples of output stages streamed if enabled. An optional boolean that defaults to False. If set to True, all output stages of this processor are streamed in the generic protobuf schema.
Raise Anomaly (raise_anomaly) Outputs “true” and “false” values, “true” meaning an appropriate item is anomalous, and "false" meaning the item is not anomalous. When Raise Anomaly is set to True, an actual anomaly is generated in addition to a sample in the output.

Example: State

Sample Input (DS)

Sample Output (DSS)

If expression is used for the state field, then it's evaluated for each input item, and it results into item-specific state value. Properties of the respective output item are extended by the state property with value of the evaluated expression.

Sample Input (DS):

Sample Output (DSS)