Alerting passing from Fired==>OK

pasqualecapalbo · March 23, 2020, 6:49am

Hi All,
I'm trying to implement a simple watcher that send an email when trigger itself change from Fired to OK status; I'm looking in .watcher-history* index to find some useful column, but didn't find any clue.
Can you help me ?
Thanks in advance.
Lino

spinscale · March 23, 2020, 10:41am

Hey,

can you explain your use-case instead of talking about watch internals, this way we may find another solution and also understand the problem in more detail.

--Alex

pasqualecapalbo · March 23, 2020, 1:50pm

Hi Alexander,
my use case is simple: notify user by email when a certain measure, acquired by Logstash jdbc connection to an Oracle DB and stored in a specifc index, return in a specific range. Clearly I found the way to notify user that measure exceed a specific range but, how can I notify user when that measure go back under specif range ?
I hope I was clear.

Lino

spinscale · March 23, 2020, 3:52pm

Hey,

yeah, that makes sense. How about having two watches, each querying the last watcher history entry and the regular query and thus allowing you to decide in the condition if you need a 'everything back ok' or a 'things are broken, send an email' type of things?

--Alex

pasqualecapalbo · March 23, 2020, 4:06pm

Alex,
thanks for your suggestion, my idea was to have two watchers that controlled each transition state but I can't understand which index and which columns to use in their respective controls. Could you please give me a practical example? You will be grateful ...

Thanks in advance,
Lino

Lino_Capalbo · April 1, 2020, 6:22am

Hi All,
I am continuing with the implementation of a watcher that can serve the purpose and I am well advanced.
However, I wonder if it is possible to write the source component of the scripts by breaking the code over several lines. It is almost impossible to write the code on one line. Is there a simple way or not to do it?
Thanks.
Lino

spinscale · April 3, 2020, 1:31pm

There is a trick for kibana, as kibana is converting this back to a single line JSON every time it is sent to Elasticsearch. You can use triple ticks

"script" : """
foo = "abc";
bar = "def";
return foo != bar;
"""

hope this helps as a start!

pasqualecapalbo · April 3, 2020, 3:00pm

Unfortunately It doesn't seams to work; here's the code:

"condition": {
    "script": {
      "source": """
        ArrayList arr = ctx.payload.aggregations.my_buckets.buckets;
        if (arr.length == 0) return false; 
        for (int i = 0; i < arr.length; i++) 
        { 
            if (arr[i].key.salary > params.threshold ) 
            { 
                ctx.vars.check_salary = arr[i].key.salary;ctx.vars.check_id = arr[i].key.employee_id;return true;
            } 
            
        } 
        return false;
        """,
      "lang": "painless",

The message, on the line with source: statement is "Expected ',' instead of '"'

Any help would be appreciated.

Thanks,
Lino

spinscale · April 6, 2020, 1:15pm

can you share the full request, that you send to kibana and the full exception?

Thanks!

system · May 4, 2020, 1:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.