Kibana alert condition

Guy_Assaf · January 29, 2021, 12:27pm

See the image, I'm trying to define an alert such that a certain percentage will trigger the alert.
Two issues:

how to take the ERROR/SUCCESS doc from the list, I tried with (buckets{key:SUCCESS} which does not work)
the divide operation round the numbers like integer, I need a float number. (0.01)

Result example

{
"_shards": {
"total": 2080,
"failed": 0,
"successful": 2080,
"skipped": 2030
},
"hits": {
"hits": ,
"total": {
"value": 3750,
"relation": "eq"
},
"max_score": null
},
"took": 51,
"timed_out": false,
"aggregations": {
"2": {
"doc_count": 3750,
"buckets": [
{
"score": 0.0717097145653337,
"doc_count": 3723,
"bg_count": 202611071,
"key": "SUCCESS"
},
{
"score": 0.008978920146330968,
"doc_count": 4,
"bg_count": 24784,
"key": "PARTIAL_SUCCESS"
},
{
"score": 0.0020247561180953572,
"doc_count": 22,
"bg_count": 954370,
"key": "ERROR"
}
],
"bg_count": 218821134
}
}
}

Alert condition

ctx.results[0].aggregations.2.buckets{key:SUCCESS}.doc_count / ctx.results[0].hits.total.value == 0

ylasri · January 29, 2021, 1:13pm

Hi @Guy_Assaf,
Welcome to our community
I'm afraid that this thread is related to "AWS Open Distro", and then question may be asked here for more relevant answers

system · February 26, 2021, 1:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Calculating percentage and alerting through email Kibana	3	565	May 14, 2020
How to use the result of two buckets count divison in alerts? Kibana	1	238	December 28, 2020
How to create alert monitor where hits is over 100 Kibana elastic-stack-alerting	7	831	September 14, 2020
Mathematical operations on individual bucket elemenst Elasticsearch	8	1888	March 10, 2017
Need to extract doc_count value from ctx.payload.aggregations.by_store.buckets_doc_count Kibana	3	369	August 10, 2022

Kibana alert condition

Result example

Alert condition

Related topics