Many thanks for your help.
I'm afraid I cannot get it right. I am still confused with Prometheus' aggregates etc. Can you help me further?
I am using the Node Exporter version 0.18.1 that comes packaged with Ubuntu 20.04, which I believe is using the apt.sh collector. The metrics I am getting for apt_upgrades_pending over a few days are:
{instance="MyHostname",job="node-exporter"}
{arch="amd64",instance="MyHostname",job="node-exporter",origin="Ubuntu:20.04/focal-updates,Ubuntu:20.04/focal-security"}
{arch="amd64",instance="MyHostname",job="node-exporter",origin="Ubuntu:20.04/focal-updates"}
{arch="all",instance="MyHostname",job="node-exporter",origin="Ubuntu:20.04/focal-updates,Ubuntu:20.04/focal-security"}
{arch="all",instance="MyHostname",job="node-exporter",origin="Ubuntu:20.04/focal-updates"}
{arch="all",instance="MyHostname",job="node-exporter",origin="Ubuntu:20.04/focal-updates"}
I thought arch="all" would include all categories, but look at this scrape:
apt_upgrades_pending{arch="all",origin="Ubuntu:20.04/focal-updates"} 5
apt_upgrades_pending{arch="all",origin="Ubuntu:20.04/focal-updates,Ubuntu:20.04/focal-security"} 3
apt_upgrades_pending{arch="amd64",origin="Ubuntu:20.04/focal-updates"} 2
apt_upgrades_pending{arch="amd64",origin="Ubuntu:20.04/focal-updates,Ubuntu:20.04/focal-security"} 27
And this other scrape:
apt_upgrades_pending{arch="amd64",origin="Ubuntu:20.04/focal-updates"} 10
Those scrapes are for the same computer.
Sometimes, arch="all" is there, sometimes not. I am guessing that which arch="xxx" and origin="xxx" metrics are returned depends on which updates are available at that point in time.
This is the alert you suggested:
min_over_time(apt_upgrades_pending[48h]) > 0
I tested it, and I am getting many alerts for each computer.
For the purposes of this alert, I guess I could group (sum) all those 'apt_upgrades_pending' values by 'instance', before applying 'min_over_time', but I cannot get the expression right.
Thanks in advance,
rdiez