Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@richcollier

richcollier/alert_on_entity_in_an_interval.txt

Last active December 21, 2022 15:03
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save richcollier/eeb6d6f98599ac77fea69a684debe647 to your computer and use it in GitHub Desktop.
Save richcollier/eeb6d6f98599ac77fea69a684debe647 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
alert_on_entity_in_an_interval.txt
#alert on a specific entity during a time interval with a value of a field > X
POST _watcher/watch/_execute
{
"watch": {
"trigger": {
"schedule": {
"interval": "5m"
}
},
"input": {
"search": {
"request": {
"indices": [
"farequote"
],
"body": {
"aggs": {
"data_aggs_interval": {
"date_histogram": {
"field": "@timestamp",
"fixed_interval": "1d"
},
"aggs": {
"tag_names": {
"terms": {
"field": "airline",
"size": 20
},
"aggs": {
"avg_resp": {
"avg": {
"field": "responsetime"
}
}
}
}
}
}
}
}
}
}
},
"condition": {
"script": """
for (def interval : ctx.payload.aggregations.data_aggs_interval.buckets) {
for (def tag : interval.tag_names.buckets) {
if (tag.key == "AAL" && tag.avg_resp.value > 110) {
return true;
}
}
}
"""
},
"actions": {
"log": {
"transform": {
"script": """
def failed_tags = new ArrayList();
for (def interval : ctx.payload.aggregations.data_aggs_interval.buckets) {
for (def tag : interval.tag_names.buckets) {
if (tag.key == "AAL" && tag.avg_resp.value > 110) {
def failed_tag = new HashMap();
failed_tag.put("date",interval.key_as_string);
failed_tag.put("tag_name",tag.key);
failed_tag.put("avg_resp",tag.avg_resp.value);
failed_tags.add(failed_tag);
}
}
}
return failed_tags;"""
},
"logging": {
"text": """
Result:
==========
{{#ctx.payload._value}}
airline={{tag_name}} exceeded threshold with responsetime={{avg_resp}} at {{date}}
{{/ctx.payload._value}}
"""
}
}
}
}
}
@richcollier
Copy link
Author

richcollier commented Dec 21, 2022
edited 

      "actions": [
        {
          "id": "log",
          "type": "logging",
          "status": "success",
          "transform": {
            "type": "script",
            "status": "success",
            "payload": {
              "_value": [
                {
                  "date": "2021-02-09T00:00:00.000Z",
                  "tag_name": "AAL",
                  "avg_resp": 117.18390918918918
                }
              ]
            }
          },
          "logging": {
            "logged_text": """
Result:
==========
		airline=AAL exceeded threshold with responsetime=117.18390918918918 at 2021-02-09T00:00:00.000Z

"""
          }
        }
      ]

@richcollier
Copy link
Author

Example uses this data: https://raw.githubusercontent.com/PacktPublishing/Machine-Learning-with-the-Elastic-Stack/master/example_data/farequote.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment