I’ll address your questions one at a time.
I think 10 mins ago will be the value of the Evaluation offset if I am not wrong, but UNTILL 9mins ago why it is included in it ?
Our Alerts evaluation system only looks at one single minute at a time. So, whatever you have evaluation offset set to will be the
SINCE value, and the
UNTIL value will always be one less than that – this defines the single minute which the alerts evaluation system looks at.
Also One more Question, when I get the email I don’t see the Spike on the Chart and also the time cant be seen. Why is it So ?
Like Incident Report Time Was : 12:19
I have attached the report when the Incident was Triggered.
Keep in mind that the preview chart is exactly that – it’s not a report, but rather it’s a chart to help you understand when your data stream would have opened a violation.
The reason there is a delay is due to the evaluation offset. Since the system is waiting 10 minutes before it evaluates the data (this is to ensure that all the data is present), a data spike that breaches the threshold will result in a violation X minutes later (where X is your evaluation offset value).
Since both of these questions are around evaluation offset, I would suggest reading the article I wrote about data latency (which is the entire reason you would want to set a higher value for evaluation offset). You can find that article at this link.
I hope that my answers help to clarify how evaluation offset works. Let me know if more questions crop up!