Kibana alerter for Dashing

config.yml

kibana_host: logstash.openstack.org
alerts:
  messagealert2:
    field: message
    query: eyJzZWFyY2giOiIiLCJmaWVsZHMiOltdLCJvZmZzZXQiOjAsInRpbWVmcmFtZSI6OTAwLCJncmFwaG1vZGUiOiJjb3VudCJ9
    limit: 10

kibana_alerter.rb

require 'uri'
require 'net/http'
require 'json'
require 'yaml'
require 'net/smtp'

APP_CONFIG = YAML.load_file('config.yml')
$kibana_host = APP_CONFIG['kibana_host']
$mail_from = APP_CONFIG['mail_from']
$mail_subject = APP_CONFIG['mail_subject']
alerts = APP_CONFIG['alerts']

def build_url(analyze_on, query_hash)
  url = "http://#{$kibana_host}/api/analyze/" + analyze_on + "/trend/" + query_hash
  url
end

def create_alerts(data, limit=1)
    puts(JSON.pretty_generate(data))
    puts("-----------------------")
  data['hits']['hits'].each do |k, v|

    if k['count'] > limit
      message = "#{k['message']} is bigger than #{limit} at #{k['count']}."
      puts(message)
    end
  end
end

alerts.each do |key, value|
  analyze_on = value['field']
  query_hash = value['query']

  url = build_url(analyze_on, query_hash)

  uri = URI.parse(url)
  response = Net::HTTP.get_response(uri).body
  data = JSON.parse(response)
  if value.has_key?('limit')
    create_alerts(data, value['limit'])
  else
    create_alerts(data)
  end

end