pmuellr/whole-lotta-alerts.sh

## whole-lotta-alerts.sh
#!/usr/bin/env bash

# creates a number of alerts with a server-log action

# Note that default alerttype - test.always-firing is part of the
# alerting function tests, and writes documents to the index $GARBAGE_INDEX_NAME
# specified below (it's uses it productively in tests, but not useful here).
# So, if you use this default alerttype, you should be pointing your $KBN_URLBASE to
# a Function Test Server.

# requires the following:
#   jq:         https://stedolan.github.io/jq/download/
#   kbn-action: https://github.com/pmuellr/kbn-action/blob/master/README.md

# to delete the all the alerts and actions, use the following, presumably when you're done:
#   kbn-action ls | jq -r '.data | .[] | .id' | xargs -L 1 kbn-action delete
#   kbn-alert  ls | jq -r '.data | .[] | .id' | xargs -L 1 kbn-alert  delete

# you can set the Kibana URL via env var like:
#   export KBN_URLBASE=https://elastic:changeme@localhost:5601

# After running this, use es-apm-sys-sim to generate data for the alert:
#   npm -g install pmuellr/es-apm-sys-sim

# overridable params via env vars
ALERTS=${ALERTS:-2}
ALERT_INTERVAL=${ALERT_INTERVAL:-1s}

# use the date in the action/alert descriptions
DATE=`date`

# create a new server-log action (writes a line to the Kibana log)
ACTION_ID=`kbn-action create .server-log "server-log $DATE" '{}' '{}' | jq -r '.id'`

# note that we create each alert in the background, because they take too long
# to create serially
for (( i=1; i<=$ALERTS; i++ ))
do
    kbn-alert create \
      .index-threshold \
      "stressing index-threshold $i/$ALERTS" \
      $ALERT_INTERVAL \
      "{
        index:               ['es-apm-sys-sim'],
        timeField:           '@timestamp',
        aggType:             'avg',
        aggField:            'system.cpu.total.norm.pct',
        groupBy:             'top',
        termSize:            100,
        termField:           'host.name.keyword',
        timeWindowSize:      5,
        timeWindowUnit:      's',
        thresholdComparator: '>',
        threshold:           [0.5]
       }" \
      "[
        {
          group:     'threshold met'
          id:        '${ACTION_ID}'
          params: {
          	level:   'info',
          	message: 'alert $i: {{context.message}}'
          }
        }
      ]" \
      &
done
	#!/usr/bin/env bash

	# creates a number of alerts with a server-log action

	# Note that default alerttype - test.always-firing is part of the
	# alerting function tests, and writes documents to the index $GARBAGE_INDEX_NAME
	# specified below (it's uses it productively in tests, but not useful here).
	# So, if you use this default alerttype, you should be pointing your $KBN_URLBASE to
	# a Function Test Server.

	# requires the following:
	# jq: https://stedolan.github.io/jq/download/
	# kbn-action: https://github.com/pmuellr/kbn-action/blob/master/README.md

	# to delete the all the alerts and actions, use the following, presumably when you're done:
	# kbn-action ls \| jq -r '.data \| .[] \| .id' \| xargs -L 1 kbn-action delete
	# kbn-alert ls \| jq -r '.data \| .[] \| .id' \| xargs -L 1 kbn-alert delete

	# you can set the Kibana URL via env var like:
	# export KBN_URLBASE=https://elastic:changeme@localhost:5601

	# After running this, use es-apm-sys-sim to generate data for the alert:
	# npm -g install pmuellr/es-apm-sys-sim

	# overridable params via env vars
	ALERTS=${ALERTS:-2}
	ALERT_INTERVAL=${ALERT_INTERVAL:-1s}

	# use the date in the action/alert descriptions
	DATE=`date`

	# create a new server-log action (writes a line to the Kibana log)
	ACTION_ID=`kbn-action create .server-log "server-log $DATE" '{}' '{}' \| jq -r '.id'`

	# note that we create each alert in the background, because they take too long
	# to create serially
	for (( i=1; i<=$ALERTS; i++ ))
	do
	kbn-alert create \
	.index-threshold \
	"stressing index-threshold $i/$ALERTS" \
	$ALERT_INTERVAL \
	"{
	index: ['es-apm-sys-sim'],
	timeField: '@timestamp',
	aggType: 'avg',
	aggField: 'system.cpu.total.norm.pct',
	groupBy: 'top',
	termSize: 100,
	termField: 'host.name.keyword',
	timeWindowSize: 5,
	timeWindowUnit: 's',
	thresholdComparator: '>',
	threshold: [0.5]
	}" \
	"[
	{
	group: 'threshold met'
	id: '${ACTION_ID}'
	params: {
	level: 'info',
	message: 'alert $i: {{context.message}}'
	}
	}
	]" \
	&
	done