How can alerts be set up on a series of values?

I am generating a series of numerical values representing failed calls, grouped by their source application. Here is a basic tabular representation of this data:


I am trying to create threshold-based alerts that should be executed for each application that satisfies the condition. Presently, I can fetch the maximum across applications and execute the alert; however, my goal is to be able to check the application group data and execute an alert for that application if required. Then, the next application group should be checked and alerted if necessary. This should happen across all the applications that are present.

Although I could manually create a separate watch for each application, that would be tedious and difficult to maintain. Is there an alternate approach to creating such alerts?

Note: The JSON aggregations for the above data are as follows:

"aggregations": {
    "2": {
      "buckets": [
        {
          "3": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "4": {
                  "doc_count_error_upper_bound": 0,
                  "sum_other_doc_count": 244,
                  "buckets": [
                    {
                      "key": "channelB",
                      "doc_count": 1746
                    },
                    {
                      "key": "channelD",
                      "doc_count": 598
                    },
                    {
                      "key": "channelC",
                      "doc_count": 354
                    }
                  ]
                },
                "key": "FAILURE",
                "doc_count": 2942
              }
            ]
          },
          "key_as_string": "2020-11-06T17:00:00.000+05:30",
          "key": 1604662200000,
          "doc_count": 2942
        },
        {
          "3": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "4": {
                  "doc_count_error_upper_bound": 0,
                  "sum_other_doc_count": 226,
                  "buckets": [
                    {
                      "key": "channelB",
                      "doc_count": 1714
                    },
                    {
                      "key": "channelD",
                      "doc_count": 577
                    },
                    {
                      "key": "channelC",
                      "doc_count": 316
                    }
                  ]
                },
                "key": "FAILURE",
                "doc_count": 2833
              }
            ]
          },
          "key_as_string": "2020-11-06T18:00:00.000+05:30",
          "key": 1604665800000,
          "doc_count": 2833
        },
        {
          "3": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "4": {
                  "doc_count_error_upper_bound": 0,
                  "sum_other_doc_count": 112,
                  "buckets": [
                    {
                      "key": "channelB",
                      "doc_count": 856
                    },
                    {
                      "key": "channelD",
                      "doc_count": 278
                    },
                    {
                      "key": "channelC",
                      "doc_count": 162
                    }
                  ]
                },
                "key": "FAILURE",
                "doc_count": 1408
              }
            ]
          },
          "key_as_string": "2020-11-06T19:00:00.000+05:30",
          "key": 1604669400000,
          "doc_count": 1408
        }
      ]
    }
  }
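
The per-application check described in the question, sketched outside Watcher as an added example (not part of the original post): it walks the nested buckets "2" -> "3" -> "4" from the response above and returns one alert per time bucket and application over its threshold. The threshold values, the function names and the trimmed sample are constructed for illustration.

```python
import json

# Constructed sample: two of the post's time buckets, trimmed to the fields
# the check needs ("2" -> "3" status buckets -> "4" application buckets).
SAMPLE = json.loads("""
{"aggregations": {"2": {"buckets": [
  {"key_as_string": "2020-11-06T17:00:00.000+05:30",
   "3": {"buckets": [{"key": "FAILURE", "4": {"buckets": [
     {"key": "channelB", "doc_count": 1746},
     {"key": "channelD", "doc_count": 598},
     {"key": "channelC", "doc_count": 354}]}}]}},
  {"key_as_string": "2020-11-06T19:00:00.000+05:30",
   "3": {"buckets": [{"key": "FAILURE", "4": {"buckets": [
     {"key": "channelB", "doc_count": 856},
     {"key": "channelD", "doc_count": 278},
     {"key": "channelC", "doc_count": 162}]}}]}}
]}}}
""")

def flatten(response):
    """Yield (time, status, application, count) for every leaf bucket."""
    for window in response["aggregations"]["2"]["buckets"]:
        for status in window.get("3", {}).get("buckets", []):
            for app in status.get("4", {}).get("buckets", []):
                yield window["key_as_string"], status["key"], app["key"], app["doc_count"]

def alerts(response, thresholds, default=None):
    """Return one alert per (time bucket, application) whose failures exceed its threshold."""
    out = []
    for when, status, app, count in flatten(response):
        limit = thresholds.get(app, default)  # per-application limit, else the default
        if status == "FAILURE" and limit is not None and count > limit:
            out.append({"time": when, "application": app, "failures": count, "threshold": limit})
    return out

if __name__ == "__main__":
    # Hypothetical thresholds: explicit for two applications, 300 for any other.
    for alert in alerts(SAMPLE, {"channelB": 1000, "channelD": 500}, default=300):
        print(alert)
```

The non-zero sum_other_doc_count under "4" in the response means some applications fall outside the returned buckets and are never evaluated by a check like this; a larger terms size on that aggregation brings them in.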
