feat: add Grafana alerting rules and documentation (refs #111)
All checks were successful
Deploy to Staging / Build Images (pull_request) Successful in 36s
Deploy to Staging / Deploy to Staging (pull_request) Successful in 51s
Deploy to Staging / Verify Staging (pull_request) Successful in 2m36s
Deploy to Staging / Notify Staging Ready (pull_request) Successful in 8s
Deploy to Staging / Notify Staging Failure (pull_request) Has been skipped
All checks were successful
Deploy to Staging / Build Images (pull_request) Successful in 36s
Deploy to Staging / Deploy to Staging (pull_request) Successful in 51s
Deploy to Staging / Verify Staging (pull_request) Successful in 2m36s
Deploy to Staging / Notify Staging Ready (pull_request) Successful in 8s
Deploy to Staging / Notify Staging Failure (pull_request) Has been skipped
Configure Grafana Unified Alerting with file-based provisioned alert rules, contact points, and notification policies. Add stable UID to Loki datasource for alert rule references. Update LOGGING.md with dashboard descriptions, alerting rules table, and LogQL query reference. Alert rules: Error Rate Spike (critical), Container Silence for backend/postgres/redis (warning), 5xx Response Spike (critical). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Eric Gullickson
@@ -52,7 +52,39 @@ All logs include a `requestId` field (UUID v4) for tracing requests:
|
||||
- URL: https://logs.motovaultpro.com
|
||||
- Default credentials: admin/admin (change on first login)
|
||||
|
||||
### Example LogQL Queries
|
||||
## Dashboards
|
||||
|
||||
Four provisioned dashboards are available in the MotoVaultPro folder:
|
||||
|
||||
| Dashboard | Purpose | Key Panels |
|
||||
|-----------|---------|------------|
|
||||
| Application Overview | System-wide health at a glance | Container log volume, error rate gauge, log level distribution, container health status, request count |
|
||||
| API Performance | Backend latency and throughput analysis | Request rate, response time percentiles (p50/p95/p99), status code distribution, slowest endpoints |
|
||||
| Error Investigation | Debugging and root cause analysis | Error log stream, errors by container/endpoint, stack trace viewer, correlation ID lookup, recent 5xx responses |
|
||||
| Infrastructure | Container-level logs and platform monitoring | Per-container throughput, PostgreSQL/Redis/Traefik/OCR logs, Loki ingestion rate |
|
||||
|
||||
All dashboards refresh every 30 seconds and default to a 1-hour time window. Dashboard JSON files are in `config/grafana/dashboards/` and provisioned via `config/grafana/provisioning/dashboards.yml`.
|
||||
|
||||
## Alerting Rules
|
||||
|
||||
Grafana Unified Alerting is configured with file-based provisioned rules. Alert rules are evaluated every 1 minute and must fire continuously for 5 minutes before triggering.
|
||||
|
||||
| Alert | Severity | Condition | Description |
|
||||
|-------|----------|-----------|-------------|
|
||||
| Error Rate Spike | critical | Error rate > 5% over 5m | Fires when the percentage of error-level logs across all mvp-* containers exceeds 5% |
|
||||
| Container Silence: mvp-backend | warning | No logs for 5m | Fires when the backend container stops producing logs |
|
||||
| Container Silence: mvp-postgres | warning | No logs for 5m | Fires when the database container stops producing logs |
|
||||
| Container Silence: mvp-redis | warning | No logs for 5m | Fires when the cache container stops producing logs |
|
||||
| 5xx Response Spike | critical | > 10 5xx responses in 5m | Fires when the backend produces more than 10 HTTP 5xx responses |
|
||||
|
||||
Alert configuration files are in `config/grafana/alerting/`:
|
||||
- `alert-rules.yml` - Alert rule definitions with LogQL queries
|
||||
- `contact-points.yml` - Notification endpoints (webhook placeholder for future email/Slack)
|
||||
- `notification-policies.yml` - Routing rules that group alerts by name and severity
|
||||
|
||||
## LogQL Query Reference
|
||||
|
||||
### Common Debugging Queries
|
||||
|
||||
Query by requestId:
|
||||
```
|
||||
@@ -66,7 +98,49 @@ Query all errors:
|
||||
|
||||
Query slow requests (>500ms):
|
||||
```
|
||||
{container="mvp-backend"} | json | duration > 500
|
||||
{container="mvp-backend"} | json | msg="Request processed" | duration > 500
|
||||
```
|
||||
|
||||
### Error Analysis
|
||||
|
||||
Count errors per container over time:
|
||||
```
|
||||
sum by (container) (count_over_time({container=~"mvp-.*"} | json | level="error" [5m]))
|
||||
```
|
||||
|
||||
Error rate as percentage:
|
||||
```
|
||||
sum(count_over_time({container=~"mvp-.*"} | json | level="error" [5m]))
|
||||
/ sum(count_over_time({container=~"mvp-.*"} [5m])) * 100
|
||||
```
|
||||
|
||||
### HTTP Status Analysis
|
||||
|
||||
All 5xx responses:
|
||||
```
|
||||
{container="mvp-backend"} | json | msg="Request processed" | status >= 500
|
||||
```
|
||||
|
||||
Request count by status code:
|
||||
```
|
||||
sum by (status) (count_over_time({container="mvp-backend"} | json | msg="Request processed" [5m]))
|
||||
```
|
||||
|
||||
### Container-Specific Queries
|
||||
|
||||
PostgreSQL errors:
|
||||
```
|
||||
{container="mvp-postgres"} |~ "ERROR|FATAL|PANIC"
|
||||
```
|
||||
|
||||
Traefik access logs:
|
||||
```
|
||||
{container="mvp-traefik"} | json
|
||||
```
|
||||
|
||||
OCR processing errors:
|
||||
```
|
||||
{container="mvp-ocr"} |~ "ERROR|Exception|Traceback"
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
Reference in New Issue
Block a user