Creating an alert for low disk space (any server with less than 200 MB free on the /mount/logs mount point)

Can anyone help write a script to trigger a notification to a Slack channel using the sample below, and show how to add aggregations and a condition for this as well? Thanks.
{
  "trigger": {
    "schedule": {
      "interval": "60m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "name-*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "query": "agent.name:prod AND metricset.name:\"filesystem\" AND system.filesystem.mount_point:\"/var/log\""
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "from": "now-5m",
                      "to": "now",
                      "include_lower": true,
                      "include_upper": true
                    }
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 3
      }
    }
  },
  "actions": {
    we are using slack channel for alert notification here
  },
  "transform": {
    "script": {
      "source": "def payload = ctx.payload; payload.interval_start = ctx.trigger.triggered_time.toInstant().minusSeconds(params.minutes * 60); return payload;",
      "params": {
        "minutes": 5
      },
      "lang": "painless"
    }
  }
}
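A complete watch that does what the question asks, added here as a worked example (it is not code from the original post). The sample's condition compares ctx.payload.hits.total against 3, which with "size": 0 only counts how many filesystem documents arrived in the last 5 minutes, not how many hosts are low on space. The version below adds a terms aggregation per host with a min sub-aggregation on the free-byte counter, evaluates that aggregation in a Painless script condition, reduces the buckets to a list of offending hosts in the transform, and posts that list to Slack. Assumptions (change to match your setup): the indices are metricbeat-*, host.name and the other filter fields are keyword-mapped as in the standard Metricbeat template, system.filesystem.free is reported in bytes, 200 MB is taken as 209715200 bytes, the mount point is /var/log as in the sample (the title says /mount/logs), and a Slack account named ops with a channel #disk-alerts is configured in Watcher.

```json
{
  "trigger": {
    "schedule": { "interval": "60m" }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [ "metricbeat-*" ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "term": { "metricset.name": "filesystem" } },
                { "term": { "system.filesystem.mount_point": "/var/log" } },
                { "term": { "agent.name": "prod" } },
                { "range": { "@timestamp": { "gte": "now-5m", "lte": "now" } } }
              ]
            }
          },
          "aggs": {
            "by_host": {
              "terms": { "field": "host.name", "size": 1000 },
              "aggs": {
                "free_bytes": { "min": { "field": "system.filesystem.free" } }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "lang": "painless",
      "params": { "threshold_bytes": 209715200 },
      "source": "for (def b : ctx.payload.aggregations.by_host.buckets) { if (b.free_bytes.value != null && b.free_bytes.value < params.threshold_bytes) { return true; } } return false;"
    }
  },
  "transform": {
    "script": {
      "lang": "painless",
      "params": { "threshold_bytes": 209715200 },
      "source": "def low = []; for (def b : ctx.payload.aggregations.by_host.buckets) { if (b.free_bytes.value != null && b.free_bytes.value < params.threshold_bytes) { low.add(b.key + ': ' + Math.round(b.free_bytes.value / 1048576) + ' MB free'); } } return ['count': low.size(), 'hosts': low];"
    }
  },
  "actions": {
    "notify_slack": {
      "throttle_period": "60m",
      "slack": {
        "account": "ops",
        "message": {
          "to": [ "#disk-alerts" ],
          "text": "Low disk space on /var/log ({{ctx.payload.count}} host(s) under 200 MB free):\n{{#ctx.payload.hosts}}- {{.}}\n{{/ctx.payload.hosts}}"
        }
      }
    }
  }
}
```

Install it with PUT _watcher/watch/low_disk_var_log and dry-run it with POST _watcher/watch/low_disk_var_log/_execute, which returns the aggregation buckets, the condition result and the transformed payload so you can check the threshold against real values before the Slack action is live. The Slack webhook URL belongs in the Elasticsearch keystore (xpack.notification.slack.account.ops.secure_url), not in elasticsearch.yml. The min sub-aggregation is the conservative choice over a 5-minute window; if you would rather alert on the latest sample per host, replace it with a top_hits aggregation of size 1 sorted by @timestamp descending and read the value from the hit's _source in the scripts. The throttle_period keeps a host that stays full from posting every hour while it is being cleaned up.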
