Skip to content

Instantly share code, notes, and snippets.

@alvarolobato
Created May 18, 2018 07:59
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save alvarolobato/e4beb0ef4e2951516a484080514b5442 to your computer and use it in GitHub Desktop.
{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"apm*"
],
"types": [],
"body": {
"size": 0,
"query": {
"bool": {
"filter": [
{
"term": {
"context.service.name": "{{ctx.metadata.serviceName}}"
}
},
{
"term": {
"processor.event": "error"
}
},
{
"range": {
"@timestamp": {
"gte": "{{ctx.metadata.timeRange}}"
}
}
}
]
}
},
"aggs": {
"error_groups": {
"terms": {
"min_doc_count": "{{ctx.metadata.threshold}}",
"field": "error.grouping_key",
"size": 10,
"order": {
"_count": "desc"
}
},
"aggs": {
"sample": {
"top_hits": {
"_source": [
"error.log.message",
"error.exception.message",
"error.exception.handled",
"error.culprit",
"error.grouping_key",
"@timestamp"
],
"sort": [
{
"@timestamp": "desc"
}
],
"size": 1
}
}
}
}
}
}
}
}
},
"condition": {
"script": {
"source": "return ctx.payload.aggregations.error_groups.buckets.length > 0",
"lang": "painless"
}
},
"actions": {
"log_error": {
"logging": {
"level": "info",
"text": "Your service \"{{ctx.metadata.serviceName}}\" has error groups which exceeds {{ctx.metadata.threshold}} occurrences within \"{{ctx.metadata.timeRangeHumanReadable}}\"<br/><br/>{{#ctx.payload.aggregations.error_groups.buckets}}<br/><strong>{{sample.hits.hits.0._source.error.log.message}}{{^sample.hits.hits.0._source.error.log.message}}{{sample.hits.hits.0._source.error.exception.message}}{{/sample.hits.hits.0._source.error.log.message}}</strong><br/>{{sample.hits.hits.0._source.error.culprit}}{{^sample.hits.hits.0._source.error.culprit}}N/A{{/sample.hits.hits.0._source.error.culprit}}<br/>{{doc_count}} occurrences<br/>{{/ctx.payload.aggregations.error_groups.buckets}}"
}
},
"slack_webhook": {
"webhook": {
"scheme": "https",
"host": "hooks.slack.com",
"port": 443,
"method": "post",
"path": "{{ctx.metadata.slackUrlPath}}",
"params": {},
"headers": {
"Content-Type": "application/json"
},
"body": "{\"text\":\"Your service \\\"{{ctx.metadata.serviceName}}\\\" has error groups which exceeds {{ctx.metadata.threshold}} occurrences within \\\"{{ctx.metadata.timeRangeHumanReadable}}\\\"\\n{{#ctx.payload.aggregations.error_groups.buckets}}\\n>*{{sample.hits.hits.0._source.error.log.message}}{{^sample.hits.hits.0._source.error.log.message}}{{sample.hits.hits.0._source.error.exception.message}}{{/sample.hits.hits.0._source.error.log.message}}*\\n>{{#sample.hits.hits.0._source.error.culprit}}`{{sample.hits.hits.0._source.error.culprit}}`{{/sample.hits.hits.0._source.error.culprit}}{{^sample.hits.hits.0._source.error.culprit}}N/A{{/sample.hits.hits.0._source.error.culprit}}\\n>{{doc_count}} occurrences\\n{{/ctx.payload.aggregations.error_groups.buckets}}\"}"
}
},
"email": {
"email": {
"profile": "standard",
"to": [
"{{ctx.metadata.emails}}"
],
"subject": "\"{{ctx.metadata.serviceName}}\" has error groups which exceeds the threshold",
"body": {
"html": "Your service \"{{ctx.metadata.serviceName}}\" has error groups which exceeds {{ctx.metadata.threshold}} occurrences within \"{{ctx.metadata.timeRangeHumanReadable}}\"<br/><br/>{{#ctx.payload.aggregations.error_groups.buckets}}<br/><strong>{{sample.hits.hits.0._source.error.log.message}}{{^sample.hits.hits.0._source.error.log.message}}{{sample.hits.hits.0._source.error.exception.message}}{{/sample.hits.hits.0._source.error.log.message}}</strong><br/>{{sample.hits.hits.0._source.error.culprit}}{{^sample.hits.hits.0._source.error.culprit}}N/A{{/sample.hits.hits.0._source.error.culprit}}<br/>{{doc_count}} occurrences<br/>{{/ctx.payload.aggregations.error_groups.buckets}}"
}
}
}
},
"metadata": {
"emails": "your@email.com",
"slackUrlPath": "/services/<redacted>/<redacted>",
"threshold": 1,
"trigger": "This value must be changed in trigger section",
"serviceName": "opbeans-node",
"timeRangeHumanReadable": "1m",
"timeRange": "now-1m"
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment