richcollier
richcollier
/ alert_on_delta_actual_typical
Created
July 31, 2020 17:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #only alert on critical anomalies with a delta of (actual-typical) > X | |
| POST _watcher/watch/_execute | |
| { | |
| "watch": { | |
| "trigger": { | |
| "schedule": { | |
| "interval": "5m" | |
| } | |
| }, | |
| "metadata": { |
richcollier
/ combine_anomaly_scores.json
Created
July 31, 2020 14:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #chained watch for combinine anomaly scores across jobs | |
| POST _watcher/watch/_execute | |
| { | |
| "watch": { | |
| "trigger": { | |
| "schedule": { | |
| "interval": "1m" | |
| } | |
| }, | |
| "metadata": { |
richcollier
/ alert_threshold_lookup.json
Last active
November 14, 2022 21:52
example watch with a lookup table of thresholds per term
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST _watcher/watch/_execute | |
| { | |
| "watch": { | |
| "trigger": { | |
| "schedule": { | |
| "interval": "5m" | |
| } | |
| }, | |
| "input": { | |
| "chain": { |
richcollier
/ alerting_examples.json
Created
October 25, 2019 13:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #==== a filtered search with one aggregation | |
| GET filebeat-6.1.0-2017-elasticco-anon/_search | |
| { | |
| "size": 0, | |
| "query": { | |
| "bool": { | |
| "filter": { | |
| "range": { | |
| "nginx.access.body_sent.bytes": { |
richcollier
/ ml_results_summary.json
Created
August 1, 2019 15:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST _watcher/watch/_execute | |
| { | |
| "watch": { | |
| "trigger": { | |
| "schedule": { | |
| "interval": "5m" | |
| } | |
| }, | |
| "input": { | |
| "search": { |
richcollier
/ ml_job_raw_data_summary_watch.json
Created
July 18, 2019 11:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #watch that counts number of anomalies and number of docs in an index | |
| POST _xpack/watcher/watch/_execute | |
| { | |
| "watch": { | |
| "trigger": { | |
| "schedule": { | |
| "interval": "5m" | |
| } | |
| }, | |
| "metadata": { |
richcollier
/ increment_test.csv
Created
June 7, 2019 15:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| time | value | |
|---|---|---|
| 1546300800000 | 1 | |
| 1546301100000 | 2 | |
| 1546301400000 | 3 | |
| 1546301700000 | 4 | |
| 1546302000000 | 5 | |
| 1546302300000 | 6 | |
| 1546302600000 | 7 | |
| 1546302900000 | 8 | |
| 1546303200000 | 9 |
richcollier
/ ml_record_querystring_watch.json
Created
July 31, 2018 18:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #example chain watch passing array of results | |
| POST _xpack/watcher/watch/_execute | |
| { | |
| "watch": { | |
| "trigger": { | |
| "schedule": { | |
| "interval": "5m" | |
| } | |
| }, | |
| "input": { |
richcollier
/ ml_record_watch.json
Last active
November 14, 2022 21:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #record farequote watch with link to Single Metric Viewer | |
| POST _xpack/watcher/watch/_execute | |
| { | |
| "watch": { | |
| "trigger": { | |
| "schedule": { | |
| "interval": "5m" | |
| } | |
| }, | |
| "metadata": { |
richcollier
/ insight_watch.json
Last active
April 1, 2022 15:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #chained watch for anomalies across jobs" | |
| POST _xpack/watcher/watch/_execute | |
| { | |
| "watch": { | |
| "trigger": { | |
| "schedule": { | |
| "interval": "1m" | |
| } | |
| }, | |
| "metadata": { |
NewerOlder