Example cost spike monitoring
# Exploratory query: total `amount` per month across every document in `invoices`
# (match_all), plus the month-over-month change of that total.
# - "size": 0 returns no hits, only the aggregation results.
# - "total_amount" is a sum of the `amount` field inside each monthly bucket.
# - The "derivative" pipeline aggregation reads "total_amount" via buckets_path, so
#   the first bucket has no derivative value (see the response below).
# - "interval" is the parameter the deprecation warning in the response refers to.
GET invoices/_search
{
"size": 0,
"query": {"match_all": {} },
"aggs": {
"amount_by_month": {
"date_histogram": {
"field": "date",
"interval": "month",
"order": {
"_key": "asc"
}
},
"aggs": {
"total_amount": {
"sum": {
"field": "amount"
}
},
"derivative": {
"derivative": {
"buckets_path": "total_amount"
}
}
}
}
}
}
#! Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/7.16/security-minimal-setup.html to enable security.
#! [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
{
"took" : 1,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 4,
"relation" : "eq"
},
"max_score" : null,
"hits" : [ ]
},
"aggregations" : {
"amount_by_month" : {
"buckets" : [
{
"key_as_string" : "2022-01-01T00:00:00.000Z",
"key" : 1640995200000,
"doc_count" : 1,
"total_amount" : {
"value" : 50.0
}
},
{
"key_as_string" : "2022-02-01T00:00:00.000Z",
"key" : 1643673600000,
"doc_count" : 1,
"total_amount" : {
"value" : 200.0
},
"derivative" : {
"value" : 150.0
}
},
{
"key_as_string" : "2022-03-01T00:00:00.000Z",
"key" : 1646092800000,
"doc_count" : 2,
"total_amount" : {
"value" : 600.0
},
"derivative" : {
"value" : 400.0
}
}
]
}
}
}
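# Watch: every minute, sum `amount` per calendar month over all of `invoices`, then
# compare the newest month with the one before it. When the ratio is above 1.3 the
# watch writes a line to the Elasticsearch log through the `logging` action.
#
# Changes from the first version of this watch:
# - "calendar_interval" replaces "interval", which Elasticsearch reports as deprecated
#   on date_histogram (see the warning in the search response above).
# - The script checks that two buckets exist before reading buckets[-2], so an index
#   holding less than two months of data reports no spike instead of failing the watch.
#
# Caveats to confirm before relying on this for alerting:
# - The newest bucket is the month still in progress, so it is compared against a
#   complete previous month; the ratio under-reports early in a month.
# - The search response above shows the cluster running without security features.
#   On a secured cluster a watch runs with the privileges of the user who stored it,
#   so store it with an account that can only read `invoices`.
# - `logging` only writes to the server log; nobody is notified unless that log is shipped
#   and alerted on.
PUT _watcher/watch/spike_monitoring
{
  "metadata" : {
    "color" : "red"
  },
  "trigger" : {
    "schedule" : {
      "interval" : "1m"
    }
  },
  "input" : {
    "chain": {
      "inputs": [
        {
          "init": {
            "search" : {
              "request" : {
                "indices" : "invoices",
                "body" : {
                  "size": 0,
                  "query": {"match_all": {} },
                  "aggs": {
                    "amount_by_month": {
                      "date_histogram": {
                        "field": "date",
                        "calendar_interval": "month",
                        "order": {
                          "_key": "asc"
                        }
                      },
                      "aggs": {
                        "total_amount": {
                          "sum": {
                            "field": "amount"
                          }
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        },
        {
          "enrich": {
            "transform": {
              "script": """
                def buckets = ctx.payload.init.aggregations.amount_by_month.buckets;
                // A current and a previous month are both required; with fewer buckets
                // report "no spike" rather than failing on buckets[-2].
                if (buckets.size() < 2) {
                  return ['spike': 0.0];
                }
                double current = buckets[-1].total_amount.value;
                double previous = buckets[-2].total_amount.value;
                // NOTE(review): a previous total of 0 makes this Infinity (condition fires)
                // or NaN (condition does not fire) - decide how an empty month should count.
                double spike = current / previous;
                return ['spike': spike];
              """
            }
          }
        }
      ]
    }
  },
  "condition" : {
    "compare" : { "ctx.payload.enrich.spike" : { "gt" : 1.3 }}
  },
  "transform" : {},
  "actions" : {
    "log" : {
      "logging" : {
        "text" : "executed at {{ctx.execution_time}}. is_spiked true value: {{ctx.payload.enrich.spike}}"
      }
    }
  }
}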