How to compare a numeric field in the watcher condition

alerting

(leopit) #1

I am collecting traffic information every second.

I'd like to compare the inoutbps field.
If the traffic (bpsinout field) value goes over 5000000, I hope to get a notification.

I tried to write a watcher like the one below, but I don't know if it is right or not.

curl -XPUT 'http://localhost2:9200/_watcher/watch/log_threshold_watch' -d '{
  "trigger" : { "schedule" : { "interval" : "10s" } },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "traffic-*" ],
        "body" : {
          "query" : {
            "match" : { "type": "TOTAL_PROTOCOL" }
          }
        }
      }
    }
  },
  "condition" : {
    "compare" : { "doc.bpsinout.value" : { "gt" : 5000000 }}
  },
  "actions" : {
    "send_email" : {
      "email" : {
        "to" : "leopit.kr@gmail.com",
        "subject" : "threshold alert",
        "body" : "threshold alert"
      }
    }
  }
}'

Actually, I don't know what the name of the inoutbps field is.
Is it doc.bpsinout.value? I think it is wrong.

How do I compare the inoutbps value in the watcher?

Can anybody help me?


(Alexander Reelsen) #2

Hey,

there are some mentions in the compare condition.

You need to access the ctx.payload, which contains the JSON structure of the search response. So you need something like ctx.payload.hits.hits.0.inoutbps if you want to get the value from the first document in the hits array.

Hope this helps!

--Alex
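
Added example, not part of either post and not Watcher's own code: a small Python sketch of how a dotted compare path is resolved against the search response held in ctx.payload. The sample response, the field name inoutbps, and the assumption that the field sits under each hit's _source (as in a standard Elasticsearch search response) are constructed for illustration.

```python
import operator

# Constructed sample: the shape of a search response as a watch sees it in ctx.payload.
# The index name, field name (inoutbps) and values are assumptions for illustration.
CTX = {"payload": {"hits": {"total": 2, "hits": [
    {"_index": "traffic-sample", "_source": {"type": "TOTAL_PROTOCOL", "inoutbps": 7340032}},
    {"_index": "traffic-sample", "_source": {"type": "TOTAL_PROTOCOL", "inoutbps": 120000}},
]}}}

OPS = {"gt": operator.gt, "gte": operator.ge, "lt": operator.lt,
       "lte": operator.le, "eq": operator.eq}

_MISSING = object()  # sentinel for "path did not resolve"


def resolve(path, model):
    """Walk a dotted path through dicts; a numeric segment indexes into a list."""
    node = model
    for seg in path.split("."):
        if isinstance(node, dict) and seg in node:
            node = node[seg]
        elif isinstance(node, list) and seg.isdigit() and int(seg) < len(node):
            node = node[int(seg)]
        else:
            return _MISSING
    return node


def compare_met(condition, ctx):
    """Evaluate {"<path>": {"<op>": <number>}} against ctx.

    In this sketch an unresolved or non-numeric value counts as "not met".
    """
    (path, spec), = condition.items()
    (op, expected), = spec.items()
    actual = resolve(path, {"ctx": ctx})
    if actual is _MISSING or not isinstance(actual, (int, float)):
        return False
    return OPS[op](actual, expected)


if __name__ == "__main__":
    for p in ("doc.bpsinout.value",
              "ctx.payload.hits.hits.0._source.inoutbps",
              "ctx.payload.hits.hits.1._source.inoutbps"):
        print(p, "->", compare_met({p: {"gt": 5000000}}, CTX))
```

A path with a fixed index inspects only that one hit, so which document lands at index 0 depends on the sort order of the search request.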

