
@richcollier
Created July 18, 2019 11:32
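# Watch that counts, over the same time window (metadata.watch_timespan), the number of
# ML anomaly records for one job (.ml-anomalies-*, record_score >= job_min_record_score)
# and the number of docs in the kibana_sample_data_flights index. When both counts are
# greater than zero, it logs them and indexes them into "my-summary".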
POST _xpack/watcher/watch/_execute
{
"watch": {
"trigger": {
"schedule": {
"interval": "5m"
}
},
"metadata": {
"watch_timespan" : "7d",
"job_name" : "a_kibana_sample_data_flights",
"job_min_record_score": 0
},
"input": {
"chain": {
"inputs": [
{
"ml_job": {
"search": {
"request": {
"indices": [
".ml-anomalies-*"
],
"body": {
"size":0,
"query": {
"bool": {
"filter": [
{ "range": { "timestamp": {"gte": "now-{{ctx.metadata.watch_timespan}}"}}},
{ "term": {"result_type": "record"}},
{ "term": {"job_id": "{{ctx.metadata.job_name}}"}},
{ "range": {"record_score": {"gte": "{{ctx.metadata.job_min_record_score}}"}}}
]
}
}
}
}
}
}
},
{
"raw_data": {
"search": {
"request": {
"indices": [
"kibana_sample_data_flights"
],
"body": {
"size":0,
"query": {
"bool": {
"filter": [
{ "range": { "timestamp": {"gte": "now-{{ctx.metadata.watch_timespan}}"}}}
]
}
}
}
}
}
}
}
]
}
},
"condition" : {
"script" : {
"source" : "return ctx.payload.ml_job.hits.total > 0 && ctx.payload.raw_data.hits.total > 0"
}
},
"actions": {
"log": {
"transform": {
"script": "return ['num_anomalies': ctx.payload.ml_job.hits.total,'num_docs':ctx.payload.raw_data.hits.total, '@timestamp': ctx.execution_time ]"
},
"logging": {
"text": "num_anomalies={{ctx.payload.num_anomalies}},num_docs={{ctx.payload.num_docs}} seen when executed at {{ctx.payload.@timestamp}} "
}
},
"index_payload": {
"transform": {
"script": "return ['num_anomalies': ctx.payload.ml_job.hits.total,'num_docs':ctx.payload.raw_data.hits.total, '@timestamp': ctx.execution_time ]"
},
"index": {
"index": "my-summary",
"doc_type": "_doc"
}
}
}
}
}
@richcollier

richcollier commented Jul 18, 2019

GET my-summary/_search

returns:

{
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 1,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "my-summary",
        "_type" : "_doc",
        "_id" : "USPXBGwBvJSK0DlwR-0I",
        "_score" : 1.0,
        "_source" : {
          "num_docs" : 7539,
          "num_anomalies" : 1,
          "@timestamp" : "2019-07-18T11:28:32.875Z"
        }
      }
    ]
  }
}

@richcollier

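Obviously, for ongoing execution one would set watch_timespan equal to the trigger interval (5m here, rather than 7d), so that each run counts only the window since the previous run and consecutive summaries do not overlap.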
