What is the "duration" value in the PromQL alert interface in SysDig
According to SysDig documentation,
Duration: Specify the time window for evaluating the alert condition in minutes, hour, or day. The alert will be triggered if the query returns data for the specified duration.
I am afraid I do not understand what changing this value will actually do. In the example below, I am checking if a cron job has been taking over 10 minutes to execute. Will modifying "duration" change alert update frequency, i.e. the condition will be checked every 20 minutes?
The query you're using as an alert will be evaluated depending on the sysdig agent's scrape interval for your account (which is usually less than 1m).
If during the interval of 20 min, that query returns data, then the alert will be triggered. So you're fine with those 20 min for the duration of the alert.