Creating dynamic watcher

Wilbert_Silverio · October 19, 2020, 5:07am

Hi All, we had a watcher wherein it sends us a notification when the transactions are going in per hour.

we wanted to create a dynamic watcher wherein it checks for the peak hours and checks during off-peak hours. Can someone help me on setting the time for peak /off peak hours and it will send a notification via email when the threshold for the peak or offpeak hours was met.

here is our initial watcher

{
  "trigger": {
    "schedule": {
      "interval": "5m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "stats-p*"
        ],
        "types": [],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": {
                "range": {
                  "@timestamp": {
                    "gte": "now-60m"
                  }
                }
              },
              "must": [
                {
                  "match": {
                    "category": "XSF"
                  }
                },
                {
                  "match": {
                    "customer": "customerX"
                  }
                },
                {
                  "match": {
                    "service_name": "TicketSv"
                  }
                }
              ],
          },
          "aggs": {
            "total_requests": {
              "sum": {
                "field": "request_count"
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.aggregations.total_requests.value": {
        "eq": 0
      }
    }
  },
  "actions": {
    "send_email": {
      "email": {
        "profile": "standard",
        "to": [
          "<>"
        ]
}

spinscale · October 19, 2020, 11:31am

I'm not sure I get the request fully. What would help in your case is that you can configure conditions on a per action base. So you could have one action for the peak action and another one for off peak. Would that help?

Wilbert_Silverio · October 19, 2020, 11:45am

Hi Alexander, Yeah any idea how to do that? or how can i set the peak hours and off peak hours

spinscale · October 19, 2020, 11:56am

POST _watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "10h"
      }
    },
    "input": {
      "simple": {
        "foo": "bar"
      }
    },
    "condition": {
      "script": "return ctx.trigger.triggered_time.getDayOfWeekEnum() == DayOfWeek.MONDAY"
    },
    "actions": {
      "logme": {
        "logging": {
          "text": "{{ctx.trigger.triggered_time}}"
        }
      }
    }
  }
}

You can also check for the hour of the day like ctx.trigger.triggered_time.hour > 5

Wilbert_Silverio · October 21, 2020, 7:06am

Hi Alexander, just wanted to ask if you have an idea wherein how to set my "query" to scan a different range of document (now-60 and now-15) everytime my cron runs at "0 0-15 9-20 * ? MON-SUN" and at "0 59 21-8 * ? MON-SUN" respectively.

{
	"trigger": {
		"schedule": {
			"cron": [
				"0 0-15 9-20 * ? MON-SUN",
				"0 59 21-8 * ? MON-SUN"
			]
		}
	},
	"input": {
		"search": {
			"request": {
				"search_type": "query_then_fetch",
				"indices": [
					"stats-p-*"
				],
				"types": [],
				"body": {
					"size": 0,
					"query": {
						"bool": {
							"filter": {
								"range": {
									"timestamp": {
										"time_zone": "+02:00",
										"gte": "now-15m"
									}
								},
								"timestamp": {
									"time_zone": "+02:00",
									"gte": "now-60m"
								}
							}
						},

spinscale · October 21, 2020, 8:03am

Having two watches might be the easiest alternative.

--Alex

Wilbert_Silverio · October 28, 2020, 1:02am

Hi Alex thanks for the recommendation, I decided to separate the watchers for peak and offpeak hrs.

I just ran into another problem (for offpeak hrs)

Here is my script

{
  "trigger": {
    "schedule": {
      "daily": {
        "at": [
          {
            "hour": [
              3,
              4,
              5,
              6,
              7,
              8,
              9,
              10,
              11,
              12
            ],
            "minute": [
              30,
              59
            ]
          }
        ]
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "stats-p*"
        ],
        "types": [],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": {
                "range": {
                  "timestamp": {
                    "gte": "now-60m"
                  }
                }
              },
              "must": [
                {
                  "match": {
                    "category": "XSF"
                  }
                },
                {
                  "match": {
                    "customer": "CustomerX"
                  }
                },
                {
                  "match": {
                    "service_name": "TicketingSv"
                  }
                }
              ]
            }
          },
          "aggs": {
            "total_requests": {
              "sum": {
                "field": "request_count"
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.aggregations.total_requests.value": {
        "eq": 0
      }
    }
  },
  "actions": {
    "send_email": {
      "email": {
        "profile": "standard",
        "to": [
          "<test@test.com>"
        ],
        "subject": "TSC No Bookings during off peak hrs",
        "body": {
          "text": "TSC No Bookings during off peak hrs "
        }
      }
    }
  }
}

I simulate the test and it looks like the 'aggs' (aggregator) wasn't executed/read by the script

{
  "watch_id": "_inlined_",
  "node": "F2pqTIwlTLKLMi66FMZHbA",
  "state": "executed",
  "user": "top",
  "status": {
    "state": {
      "active": true,
      "timestamp": "2020-10-28T00:57:43.268Z"
    },
    "last_checked": "2020-10-28T00:57:43.268Z",
    "last_met_condition": "2020-10-28T00:57:43.268Z",
    "actions": {
      "send_email": {
        "ack": {
          "timestamp": "2020-10-28T00:57:43.268Z",
          "state": "ackable"
        },
        "last_execution": {
          "timestamp": "2020-10-28T00:57:43.268Z",
          "successful": true
        },
        "last_successful_execution": {
          "timestamp": "2020-10-28T00:57:43.268Z",
          "successful": true
        }
      }
    },
    "execution_state": "executed",
    "version": -1
  },
  "trigger_event": {
    "type": "manual",
    "triggered_time": "2020-10-28T00:57:43.268Z",
    "manual": {
      "schedule": {
        "scheduled_time": "2020-10-28T00:57:43.268Z"
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "stats-p-tsc*"
        ],
        "types": [],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": {
                "range": {
                  "timestamp": {
                    "gte": "now-60m"
                  }
                }
              },
              "must": [
                {
                  "match": {
                    "category": "XSF"
                  }
                },
                {
                  "match": {
                    "customer": "CustomerX"
                  }
                },
                {
                  "match": {
                    "service_name": "TicketingSv"
                  }
                }
              ]
            }
          },
          "aggs": {
            "total_requests": {
              "sum": {
                "field": "request_count"
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.aggregations.total_requests.value": {
        "eq": 0
      }
    }
  },
  "metadata": {
    "name": "test_nobookings",
    "xpack": {
      "type": "json"
    }
  },
  "result": {
    "execution_time": "2020-10-28T00:57:43.268Z",
    "execution_duration": 361,
    "input": {
      "type": "search",
      "status": "success",
      "payload": {
        "_shards": {
          "total": 676,
          "failed": 0,
          "successful": 676,
          "skipped": 675
        },
        "hits": {
          "hits": [],
          "total": 0,
          "max_score": 0
        },
        "took": 281,
        "timed_out": false,
        "aggregations": {
          "total_requests": {
            "value": 0
          }
        }
      },
      "search": {
        "request": {
          "search_type": "query_then_fetch",
          "indices": [
            "stats-p*"
          ],
          "types": [],
          "body": {
            "size": 0,
            "query": {
              "bool": {
                "filter": {
                  "range": {
                    "timestamp": {
                      "gte": "now-60m"
                    }
                  }
                },
                "must": [
                  {
                    "match": {
                      "category": "XSF"
                    }
                  },
                  {
                    "match": {
                      "customer": "CustomerX"
                    }
                  },
                  {
                    "match": {
                      "service_name": "TicketingSv"
                    }
                  }
                ]
              }
            },
            "aggs": {
              "total_requests": {
                "sum": {
                  "field": "request_count"
                }
              }
            }
          }
        }
      }
    },
    "condition": {
      "type": "compare",
      "status": "success",
      "met": true,
      "compare": {
        "resolved_values": {
          "ctx.payload.aggregations.total_requests.value": 0
        }
      }
    },
    "actions": [
      {
        "id": "send_email",
        "type": "email",
        "status": "simulated",
        "email": {
          "message": {
            "id": "send_email__inlined__471f732e-3874-4c1f-b7c4-8201e27127fd-2020-10-28T00:57:43.268Z",
            "sent_date": "2020-10-28T00:57:43.629Z",
            "to": [
              "test@test.com"
            ],
            "subject": "off peak hrs",
            "body": {
              "text": "off peak hrs "
            }
          }
        }
      }
    ]
  },
  "messages": []
}

system · November 25, 2020, 1:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Watcher elastic query Kibana elastic-stack-alerting	5	294	July 19, 2021
Help with watcher alert configuration in Kibana Elasticsearch elastic-stack-alerting	8	2142	May 1, 2019
Adding conditions dynamically to the watcher Elasticsearch elastic-stack-alerting	1	345	September 10, 2020
Watcher Timestamp showing in EPOCH Elasticsearch elastic-stack-alerting	4	901	October 1, 2021
New to Watcher and trying to find examples Elasticsearch elastic-stack-alerting	3	503	June 28, 2018

Creating dynamic watcher

Related Topics