Created
January 12, 2019 00:13
-
-
Save cmgurba/c35fac819b256d7126bf451933570fc6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "actions": { | |
| "email_html_alarm_d0a8261b-98de-4c70-becf-b0aa95dc31d5": { | |
| "name": "Test TPF Alert", | |
| "throttle_period": "2m", | |
| "email_html": { | |
| "stateless": false, | |
| "subject": "Basic test email", | |
| "priority": "high", | |
| "html": "<p>There are {{payload.hits.total}} results found by the watcher <i>{{watcher.title}}</i>.</p>\n\n<div style=\"color:grey;\">\n <hr />\n <p>This watcher sends alerts based on the following criteria:</p>\n <p>kubernetes.labels.app_component:\"api\" AND log:\"INFO\"</p> See results here: http://kibana.c2fo.com/app/kibana#/discover?_=(columns:!(log,kubernetes.namespace_name,kubernetes.pod_name),index:'2a67d7f0-8f59-11e8-8295-bf2eb4da0657',interval:auto,query:(language:lucene,query:'kubernetes.labels.app_component:\"api\"%20AND%20log:\"INFO\"'),sort:!(estimestamp,desc))</div>", | |
| "to": "chris.gurba@c2fo.com", | |
| "from": "kibana-logging@c2fo.com" | |
| } | |
| } | |
| }, | |
| "input": { | |
| "search": { | |
| "request": { | |
| "index": [ | |
| "fluent-bit-logstash-*" | |
| ], | |
| "body": { | |
| "query": { | |
| "bool": { | |
| "must": [ | |
| { | |
| "query_string": { | |
| "query": "kubernetes.labels.app_component:\"api\" AND log:\"INFO\"" | |
| } | |
| } | |
| ], | |
| "filter": { | |
| "range": { | |
| "estimestamp": { | |
| "gte": "now-2m/m", | |
| "lte": "now/m", | |
| "format": "epoch_millis" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "size": 0, | |
| "aggs": { | |
| "dateAgg": { | |
| "date_histogram": { | |
| "field": "estimestamp", | |
| "time_zone": "America/Chicago", | |
| "interval": "1s", | |
| "min_doc_count": 1 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "condition": { | |
| "script": { | |
| "script": "payload.aggregations.dateAgg.buckets.some(b => b.doc_count>=0)" | |
| } | |
| }, | |
| "trigger": { | |
| "schedule": { | |
| "later": "every 2 minutes" | |
| } | |
| }, | |
| "disable": false, | |
| "report": false, | |
| "title": "Test TPF Alert", | |
| "wizard": {}, | |
| "save_payload": false, | |
| "spy": false, | |
| "impersonate": false | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment