Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Heartbeat ICMP Alerting with Elastic X-Pack Watcher
{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"heartbeat-*"
],
"types": [],
"body": {
"size": 0,
"query": {
"bool": {
"must": [
{
"term": {
"monitor.status": {
"value": "down"
}
}
}
],
"filter": [
{
"range": {
"@timestamp": {
"from": "now-1m"
}
}
}
]
}
},
"aggregations": {
"by_monitors": {
"terms": {
"field": "monitor.id",
"size": 10,
"min_doc_count": 1
}
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"actions": {
"notify-slack": {
"throttle_period_in_millis": 900000,
"slack": {
"account": "monitoring",
"message": {
"from": "Heartbeat",
"text": "Some hosts are unresponsive.",
"dynamic_attachments": {
"list_path": "ctx.payload.aggregations.by_monitors.buckets",
"attachment_template": {
"color": "warning",
"title": "{{key}}",
"text": "Total events: {{doc_count}}"
}
}
}
}
}
}
}
https://twitter.com/Krohbird/status/849749788920877056
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment