404 Watcher with Java API

alerting

(James Fadeley) #1

Alright. I am trying to set up a watcher that emails me whenever I get a 404 on Elasticsearch. I've really been hacking away at this for a while and I'm exhausted. Relevant info:

JDK: 1.8
ElasticSearch: 2.4

I have a SpringBoot application that injects the watcher into ES. I can confirm that ES is taking the watcher as when I go to http://localhost:9200/.watches/_search I get:

{"took":3,"timed_out":false,"_shards":{"total":1,"successful":1,"failed":0},"hits":{"total":1,"max_score":1.0,"hits":[{"_index":".watches","_type":"watch","_id":"404-watch","_score":1.0,"_source":{"trigger":{"schedule":{"cron":"0 0/1 * * * ?"}},"input":{"search":{"request":{"search_type":"query_then_fetch","indices":["_all"],"types":[],"body":{"query":{"bool":{"must":{"match":{"response":{"query":404,"type":"boolean"}}},"filter":[{"range":{"date":{"from":"{{ctx.trigger.scheduled_time}}","to":null,"include_lower":false,"include_upper":true}}},{"range":{"date":{"from":null,"to":"{{ctx.trigger.triggered_time}}","include_lower":true,"include_upper":false}}}]}}},"indices_options":{"expand_wildcards":"open","ignore_unavailable":false,"allow_no_indices":true}}}},"condition":{"script":{"inline":"ctx.payload.hits.total > 1"}},"actions":{"email_someone":{"email":{"profile":"standard","to":["X@X.com"],"subject":"I am not the page you're looking for."}}},"_status":{"state":{"active":true,"timestamp":"2016-11-30T16:30:29.616Z"},"actions":{"email_someone":{"ack":{"timestamp":"2016-11-30T16:30:29.616Z","state":"awaits_successful_execution"}}}}}}]}}

Where X@X.com is my email address.

I get no hints from ES logging. There's no indication that it is failing, but I am not receiving any emails from random 404 indices like "localhost:9200/whatever". My Java code is as follows:

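package audit;

import java.net.InetAddress;
import java.net.UnknownHostException;

import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.index.query.BoolQueryBuilder;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.search.builder.SearchSourceBuilder;
//Watcher plugin classes: package names assumed from the Watcher 2.x jar, check them against your classpath.
import org.elasticsearch.watcher.WatcherPlugin;
import org.elasticsearch.watcher.actions.email.EmailAction;
import org.elasticsearch.watcher.actions.email.service.EmailTemplate;
import org.elasticsearch.watcher.client.WatchSourceBuilder;
import org.elasticsearch.watcher.client.WatchSourceBuilders;
import org.elasticsearch.watcher.client.WatcherClient;
import org.elasticsearch.watcher.condition.script.ScriptCondition;
import org.elasticsearch.watcher.input.search.SearchInput;
import org.elasticsearch.watcher.support.Script;
import org.elasticsearch.watcher.transport.actions.delete.DeleteWatchResponse;
import org.elasticsearch.watcher.transport.actions.put.PutWatchResponse;
import org.elasticsearch.watcher.trigger.TriggerBuilders;
import org.elasticsearch.watcher.trigger.schedule.Schedules;

//Prime source: https://www.elastic.co/guide/en/watcher/current/api-java.html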
public class AuditWatcher {	
	
	//Any TransportAddress object will probably do.	
	public InetAddress getInetAddress(){
		InetAddress address = null;
		try {
			address = InetAddress.getByName("localhost"); //Move to Spring profile setting?
		} catch (UnknownHostException e) {
			e.printStackTrace();
		}
		return address;
	}
	
	//Constructs the client with settings for pushing watches.
	public TransportClient getTransportClient(){
		TransportClient tclient = TransportClient.builder()
				.addPlugin(WatcherPlugin.class)
				.settings(Settings.builder()
					.put("cluster.name","hcsc-audit")
					.put("client.transport.ping_timeout", "30s")
					//.put("network.bind_host", "0")
					.build())
				.build()
				.addTransportAddress(new InetSocketTransportAddress(getInetAddress(), 9300)); //9200 is for HTTP
		return tclient;
	}
	
	public DeleteWatchResponse watcherDelete(String watch){
		WatcherClient watcherClient = new WatcherClient(getTransportClient());
		DeleteWatchResponse deleteWatch = watcherClient.prepareDeleteWatch(watch).get();
		return deleteWatch;
	}
	
	public PutWatchResponse watcher404() {
		WatcherClient watcherClient = new WatcherClient(getTransportClient());

		//Create Source builder, adds time.
		WatchSourceBuilder wsb = WatchSourceBuilders.watchBuilder();
		wsb.trigger(TriggerBuilders.schedule(Schedules.cron("0 0/1 * * * ?")));

		SearchRequest source = new SearchRequest();
		source.indices("_all");
		source.source(SearchSourceBuilder.searchSource().query(getBoolQuery()));

		wsb.input(new SearchInput(source, null, null, null));
		wsb.condition(new ScriptCondition(Script.inline("ctx.payload.hits.total > 1").build()));

		//Here's a watcher action. Email someone who cares.
		wsb.addAction("email_someone", getEmail());

		//Compare to: https://www.elastic.co/guide/en/watcher/current/api-rest.html
		PutWatchResponse putWatch = watcherClient.preparePutWatch("404-watch")
			.setSource(wsb)
			.get();

		return putWatch;
	}
	
	public BoolQueryBuilder getBoolQuery() {
		
		BoolQueryBuilder boolQuery = QueryBuilders.boolQuery();
		boolQuery.must(QueryBuilders.matchQuery("response", 404));
		boolQuery.filter(QueryBuilders.rangeQuery("date").gt("{{ctx.trigger.scheduled_time}}"));
		boolQuery.filter(QueryBuilders.rangeQuery("date").lt("{{ctx.trigger.triggered_time}}"));
		
		//System.out.println(boolQuery.toString());
		return boolQuery;
	}
	
	public EmailAction.Builder getEmail(){
		EmailTemplate.Builder emailBuild = EmailTemplate.builder();
		emailBuild.to("X@X.com");
		emailBuild.subject("I am not the page you're looking for.");
		System.out.println(emailBuild.toString());
		return(EmailAction.builder(emailBuild.build()));
	}
	

}

Thanks!


(Alexander Reelsen) #2

Hey,

Can you check the watch history index and paste the latest entry? You can just search the index and sort by time.

--Alex
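
One way to carry out the check suggested in this reply, as an added example that is not part of the original thread: build the search body for the .watch_history* indices, newest execution first, and summarize the returned record. The field names (watch_id, result.execution_time, result.condition.met, the id and status of each action) are assumed from the Watcher history record layout, the helper names are hypothetical, and the sample record is constructed.

```python
import json


def latest_history_query(watch_id, size=1):
    """Body for POST /.watch_history*/_search: newest runs of one watch first."""
    return {
        "size": size,
        "query": {"match": {"watch_id": watch_id}},
        "sort": [{"result.execution_time": {"order": "desc"}}],
    }


def triage(record):
    """Say which stage of a watch run kept the action from firing."""
    result = record.get("result", {})
    condition = result.get("condition", {})
    hits = result.get("input", {}).get("payload", {}).get("hits", {}).get("total")
    if "met" not in condition:
        return "watch did not reach its condition (state=%s)" % record.get("state")
    if not condition["met"]:
        return "condition not met: input returned %s hits" % hits
    failed = [a.get("id") for a in result.get("actions", [])
              if a.get("status") != "success"]
    if failed:
        return "condition met but actions failed: %s" % ", ".join(failed)
    return "condition met and all actions succeeded"


# Constructed history record (assumed field layout, not taken from the thread).
SAMPLE_RECORD = json.loads("""
{
  "watch_id": "404-watch",
  "state": "execution_not_needed",
  "trigger_event": {"type": "schedule",
                    "triggered_time": "2016-11-30T16:31:00.012Z"},
  "result": {
    "execution_time": "2016-11-30T16:31:00.012Z",
    "input": {"type": "search", "status": "success",
              "payload": {"hits": {"total": 0}}},
    "condition": {"type": "script", "status": "success", "met": false},
    "actions": []
  }
}
""")

if __name__ == "__main__":
    print(json.dumps(latest_history_query("404-watch"), indent=2))
    print(triage(SAMPLE_RECORD))
```

The printed body is what gets sent to the history indices of the cluster; triage() is then run on the _source of the first hit.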


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.