#chained watch for anomalies across jobs
POST _xpack/watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "1m"
      }
    },
    "metadata": {
#record farequote watch with link to Single Metric Viewer
POST _xpack/watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "5m"
      }
    },
    "metadata": {
#example chain watch passing array of results
POST _xpack/watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "5m"
      }
    },
    "input": {
time | value
---|---
1546300800000 | 1
1546301100000 | 2
1546301400000 | 3
1546301700000 | 4
1546302000000 | 5
1546302300000 | 6
1546302600000 | 7
1546302900000 | 8
1546303200000 | 9
#watch that counts number of anomalies and number of docs in an index
POST _xpack/watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "5m"
      }
    },
    "metadata": {
POST _watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "5m"
      }
    },
    "input": {
      "search": {
#==== a filtered search with one aggregation
GET filebeat-6.1.0-2017-elasticco-anon/_search
{
  "size": 0,
  "query": {
    "bool": {
      "filter": {
        "range": {
          "nginx.access.body_sent.bytes": {
POST _watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "5m"
      }
    },
    "input": {
      "chain": {
#chained watch for combining anomaly scores across jobs
POST _watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "1m"
      }
    },
    "metadata": {
#only alert on critical anomalies with a delta of (actual-typical) > X
POST _watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "5m"
      }
    },
    "metadata": {