Alerting on Run Failures

Kris_Felscher · September 8, 2023, 3:13pm

We have a scheduled app that performs a nightly processing job across several different target "markets".

I'm trying to figure out how to fire off an alert when a market fails to run.

So, let's say I typically see the following events every night:

{"market" : "MarketA", "message" : "Processing Started"}
{"market" : "MarketB", "message" : "Processing Started"}
{"market" : "MarketC", "message" : "Processing Started"}

But then one night, I only get:

{"market" : "MarketA", "message" : "Processing Started"}
{"market" : "MarketC", "message" : "Processing Started"}

Is there any way to fire an alert saying "Market B Failed to Run", or will I need to create an alert for each market individually that checks for zero messages over a 24 hour period?

richcollier · September 11, 2023, 11:46pm

Yes, you can do this with Watcher.

The main concept is to first query and count (with a terms aggregation) for each "market" from some prior timeframe (i.e. yesterday) and then query and count (again with a terms aggregation)for each "market" from some recent timeframe (i.e. today) and compare the two with a bucket selector. If there are "markets" that existed yesterday, but not today, then alert on that entity.

A similar example, but instead the "entity" here is an elasticsearch index:

gist.github.com

https://gist.github.com/richcollier/32d291d9b960d903864113a211dbbb23

detect_missing_data.txt

POST _watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "1d"
      }
    },
    "metadata": {
      "longer_time": "2d/d",

This file has been truncated. show original

system · October 9, 2023, 11:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.