@richcollier
Created June 19, 2022 10:25
Watch with simple terms agg and threshold
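# Runs this watch definition once through the execute API without storing it.
# The 5m schedule only takes effect once the same body is saved with
# PUT _watcher/watch/<watch_id>.
#
# Search: farequote documents from the last 5 years, max(responsetime) per airline.
# - The terms aggregation returns at most 20 airlines. On a higher-cardinality field,
#   values outside the top 20 by document count are never evaluated by the condition.
# - now-5y is far wider than the 5m schedule. A stored watch would re-evaluate the
#   same 5 years of data on every run, so narrow the range before scheduling it.
#
# Condition and transform apply the same filter (max_responsetime.value > 3000).
# Keep the two scripts and the "3sec" wording in the log text in sync.
# The null check skips buckets where max has no value (no document in the bucket
# carries responsetime); without it the comparison fails and the watch errors out
# instead of evaluating the remaining airlines.
#
# The logging action writes {{key}} from indexed data into the Elasticsearch log.
# If the airline field can be set by untrusted sources, treat those log lines as
# untrusted text.
POST _watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "5m"
      }
    },
    "input": {
      "search": {
        "request": {
          "indices": [
            "farequote"
          ],
          "body": {
            "size": 0,
            "query": {
              "bool": {
                "filter": [
                  {
                    "range": {
                      "@timestamp": {
                        "gte": "now-5y"
                      }
                    }
                  }
                ]
              }
            },
            "aggs": {
              "airlines": {
                "terms": {
                  "field": "airline",
                  "size": 20
                },
                "aggs": {
                  "max_responsetime": {
                    "max": {
                      "field": "responsetime"
                    }
                  }
                }
              }
            }
          }
        }
      }
    },
    "condition": {
      "script": """
        return ctx.payload.aggregations.airlines.buckets.stream()
          .filter(airlines -> airlines.max_responsetime.value != null && airlines.max_responsetime.value > 3000)
          .count() > 0
      """
    },
    "actions": {
      "log": {
        "transform": {
          "script": """
            return ctx.payload.aggregations.airlines.buckets.stream()
              .filter(airlines -> airlines.max_responsetime.value != null && airlines.max_responsetime.value > 3000)
              .collect(Collectors.toList());
          """
        },
        "logging": {
          "text": """
{{#ctx.payload._value}}
airline={{key}} exceeded 3sec threshold with responsetime={{max_responsetime.value}}
{{/ctx.payload._value}}
"""
        }
      }
    }
  }
}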