How to show Memory Usage is at values percent

Thanadol_Thadasade · July 11, 2017, 6:58am

Hi, @spinscale
I'm having trouble with settings alerts for my memory usage. I'm using Metricbeat which is stashing only the memory metrics to Elasticsearch.

This is the JSON for the watch that I've configured:

PUT _xpack/watcher/watch/mem_warning
{
"trigger": {
"schedule": {
"interval": "10m"
}
},
"input": {
"search": {
"request": {
"indices": [
"metricbeat-*"
],
"body": {
"size": 10,
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"from" : "now-7h"
}
}
},
{
"term": {
"metricset.name" : "memory"
}
},
{
"range": {
"system.memory.used.pct" : {
"from" : 0.75
}
}
}
]
}
},
"aggs": {
"hosts": {
"terms": {
"field": "beat.hostname",
"size": 10
}
}
}
}
}
}
},
"condition" : {
"script" : "return ctx.payload.aggregations.hosts.buckets.size() > 0"
},
"actions": {
"send_email": {
"transform" : {
"script" : {
"inline": "return [ 'hosts' : ctx.payload.aggregations.hosts.buckets.stream().map(b -> b.key).collect(Collectors.toList())]"
}
},
"email": {
"to": "thanadol.thad@wealth.co.th",
"subject": "Watcher Notification - HIGH MEMORY USAGE",
"body": "Hosts with HIGH MEMORY Usage (above 75%):\n\n{{ctx.payload.hosts}}\n\n Memory Usage is at: ... %"
}
}
}
}

I'm following Watching the watches: Writing, debugging and testing watches | Elastic Blog ,but it show one host.

I need that outputs to show hosts and values.
Example.

" Hosts with HIGH MEMORY USAGE (above 75%): hosts1 Memory Usage is at: 80.65%, hosts2 Memory Usage is at: 87.13% "
or
" Hosts with HIGH MEMORY USAGE (above 75%): hosts1,hosts2,hosts3 Memory Usage is at: 80.65%, 87.13%, 76.01% "

Thanks.

spinscale · July 11, 2017, 12:11pm

Hey,

I do not understand where your exact problem is at the moment. When you take a look at your aggregation, there is only an aggregation on the hostname, so this is the data you are getting from the search response. If you want to also get the memory usage, you may need to add another sub-aggregation that calculates max or average of the memory field in your data.

First start with the query, and only if that contains all the results, start writing a watch. The tricky part is usually the query, not the watch itself.

--Alex

Thanadol_Thadasade · July 12, 2017, 8:37am

thank for reply @spinscale
if i used sub-aggregation avg or max
Example

       "aggs": {
        "hosts": {
          "terms": {
            "field": "beat.hostname",
            "size": 10
          },
          "aggs": {
            "values": {
              "avg": {
                "field": "system.memory.used.pct"
              }
            }
          }
        }
      }

how to refer to sub-aggregation at action in body?

Example condition and action

"condition" : {
"script" : "return ctx.payload.aggregations.hosts.buckets.size() > 0"
},
"actions": {
"send_email": {
"transform" : {
"script" : {
"inline": "return [ 'hosts' : ctx.payload.aggregations.hosts.buckets.stream().map(b -> b.key).collect(Collectors.toList())]"
}
},
"email": {
"to": "thanadol.thad@wealth.co.th",
"subject": "Watcher Notification - HIGH MEMORY USAGE",
"body": "Hosts with HIGH MEMORY Usage (above 75%):\n\n{{ctx.payload.hosts}}\n\n
Memory Usage is at: ... % \n\n
at times: {{ctx.trigger.triggered_time}} \n\n"
}
}
}

thanks.

spinscale · July 12, 2017, 12:43pm

Hey.

how about this transform?

    "transform": {
      "script": {
        "inline": "return ['hosts': ctx.payload.aggregations.hosts.buckets.stream().map(b -> [b.key: b.values.value]).collect(Collectors.toList()) ]"
      }
    },

--Alex

Thanadol_Thadasade · July 13, 2017, 2:40am

Sorry for the trance question and a little grammar.
I think you are amazing and thanks for help me. @spinscale

system · August 10, 2017, 2:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.