Aggregate event handler

This page documents an earlier version of Kapacitor. Kapacitor v1.6 is the latest stable version. View this page in the v1.6 documentation.

The aggregate event handler aggregates multiple events into a single event. It subscribes to a topic and aggregates published messages within a defined interval into an aggregated topic.


The following aggregate event handler options can be set in a handler file.

intervaldurationHow often to aggregate events. Interval must be specified in nanoseconds.
topicstringA topic into which to publish the aggregate events.
messagestringA template string where {{.Interval}} and {{.Count}} are available for constructing a meaningful message.

Example: handler file

id: handler-id
topic: topic-name
kind: aggregate
  interval: 300000000000
  topic: agg_5m
  message: '{{.Count}} new events in the last {{.Interval}}'

Using the aggregate event handler

The aggregate event handler subscribes to a topic and aggregates messages published to that topic at specified intervals. The TICKscript below, cpu_alert.tick, publishes alerts to the cpu topic if CPU idle usage is less than 10% (or CPU usage is greater than 90%).


      .crit(lambda: "usage_idle" < 10)

Add and enable this TICKscript with the following:

kapacitor define cpu_alert -tick cpu_alert.tick
kapacitor enable cpu_alert

Create a new handler file, aggregated_cpu_alerts.yaml, using the aggregate event handler that subscribes to the cpu topic, aggregates alerts from the last 10 minutes, and publishes aggregated messages to a new aggr_cpu topic. Handler files can be YAML or JSON.


id: aggr_cpu_alerts_10m
topic: cpu
kind: aggregate
  interval: 600000000000
  topic: aggr_cpu
  message: '{{.Count}} CPU alerts in the last {{.Interval}}'

Add the handler file:

kapacitor define-topic-handler aggr_cpu_alerts_10m.yaml

Aggregated CPU alert messages will be published to the aggr_cpu topic every 10 minutes. Further handling of the aggregated events can be configured on the aggr_cpu topic.

Was this page helpful?

Thank you for your feedback!

Linux Package Signing Key Rotation

All signed InfluxData Linux packages have been resigned with an updated key. If using Linux, you may need to update your package configuration to continue to download and verify InfluxData software packages.

For more information, see the Linux Package Signing Key Rotation blog post.