This is my scenario: I have two fields (A and B) and I would like to create an alert where, if sum(A+B) > 90% (or A / B > 1), it should trigger the alert. Is it possible to do that with Kibana alerts?
Hi, you can do this with runtime fields.
Create a runtime field, for example called ab_sum, in your metrics data that calculates the sum of the two fields. Then create a rule definition of the index threshold rule type that alerts when the calculated field is greater than 0.9.
As an example of how to define the rule, the when and threshold may look like:
- When:
max() of "ab_sum"
- Threshold:
is above 0.90
Would this script create that new field?
PUT my-index-000001/
{
  "mappings": {
    "runtime": {
      "ab_sum": {
        "type": "keyword",
        "script": {
          "source": "['a'].value + ['b'].value"
        }
      }
    }
  }
}
- The type should be long, not keyword.
- The script should use the emit method to emit calculated values: Map a runtime field | Elasticsearch Guide [7.13] | Elastic
Example:
"runtime": {
  "ab_sum": {
    "type": "long",
    "script": {
      "source": "emit(doc['field_a'].value + doc['field_b'].value)"
    }
  }
}
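An added example, not code from anyone in this thread, that pulls the two replies together: it builds a corrected runtime-field mapping for the sum (and, going beyond the reply, for the A / B ratio from the question, guarding missing fields and a zero denominator so the script cannot fail the query), a small lint that flags the two mistakes pointed out above (non-numeric type, no emit()), an index-threshold rule body, and a local evaluation of what max() of the field would trigger on. The field names field_a/field_b and the index my-index-000001 are placeholders, and the Kibana rule-body parameter names are recalled from the alerting API docs rather than taken from this page, so check them against your Kibana version.

```python
# Added example, not code from the thread above. Builds runtime-field mappings
# (sum and ratio), lints a mapping for the two mistakes named in the reply,
# builds an index-threshold rule body and evaluates the rule on sample docs.
# Assumptions: field_a/field_b and "my-index-000001" are placeholders; the
# Kibana rule body shape (POST /api/alerting/rule, rule_type_id
# ".index-threshold" and its params) is from memory of the Kibana docs.
import json

NUMERIC_RUNTIME_TYPES = {"long", "double"}


def runtime_field_mapping(name, source, field_type="double"):
    """Mapping fragment for one numeric runtime field."""
    return {"runtime": {name: {"type": field_type, "script": {"source": source}}}}


def sum_script(a="field_a", b="field_b"):
    # size() guards skip docs missing either field instead of failing the
    # query; a doc for which nothing is emitted has no value for the field.
    return (f"if (doc['{a}'].size() > 0 && doc['{b}'].size() > 0) "
            f"{{ emit(doc['{a}'].value + doc['{b}'].value); }}")


def ratio_script(a="field_a", b="field_b"):
    # Also skip a zero denominator; (double) avoids integer division on longs.
    return (f"if (doc['{a}'].size() > 0 && doc['{b}'].size() > 0 "
            f"&& doc['{b}'].value != 0) "
            f"{{ emit((double) doc['{a}'].value / doc['{b}'].value); }}")


def lint_runtime_field(mapping, name):
    """Return the problems the reply points out, if the mapping has them."""
    spec = mapping["runtime"][name]
    problems = []
    if spec.get("type") not in NUMERIC_RUNTIME_TYPES:
        problems.append(f"type {spec.get('type')!r} is not numeric; use long or double")
    if "emit(" not in spec.get("script", {}).get("source", ""):
        problems.append("script never calls emit(), so the field will have no value")
    return problems


def index_threshold_rule(index, field, threshold, comparator=">", agg="max",
                         time_field="@timestamp"):
    """Body for POST /api/alerting/rule (parameter names assumed, see above)."""
    return {
        "name": f"{field} {comparator} {threshold}",
        "rule_type_id": ".index-threshold",
        "consumer": "alerts",
        "schedule": {"interval": "1m"},
        "notify_when": "onActiveAlert",
        "params": {
            "index": [index],
            "timeField": time_field,
            "aggType": agg,
            "aggField": field,
            "groupBy": "all",
            "timeWindowSize": 5,
            "timeWindowUnit": "m",
            "thresholdComparator": comparator,
            "threshold": [threshold],
        },
        "actions": [],
    }


def local_runtime_values(docs, kind, a="field_a", b="field_b"):
    """Mirror the scripts' behaviour on plain dicts: skipped docs emit nothing."""
    values = []
    for doc in docs:
        if a not in doc or b not in doc:
            continue
        if kind == "sum":
            values.append(doc[a] + doc[b])
        elif kind == "ratio":
            if doc[b] == 0:
                continue
            values.append(doc[a] / doc[b])
        else:
            raise ValueError(kind)
    return values


def would_alert(values, threshold, comparator=">"):
    """max() of the runtime field against the threshold, as the rule does."""
    if not values:
        return False  # no matching docs in the window: nothing to compare
    top = max(values)
    return top > threshold if comparator == ">" else top >= threshold


# Constructed sample documents (not real data): one doc over the 0.9 sum
# threshold, one missing field_b, one with a zero denominator.
SAMPLE_DOCS = [
    {"field_a": 0.4, "field_b": 0.3},
    {"field_a": 0.5, "field_b": 0.45},
    {"field_a": 0.2},
    {"field_a": 0.3, "field_b": 0.0},
]

if __name__ == "__main__":
    mapping = runtime_field_mapping("ab_sum", sum_script())
    print(json.dumps(mapping, indent=2))
    print(json.dumps(index_threshold_rule("my-index-000001", "ab_sum", 0.9), indent=2))
    sums = local_runtime_values(SAMPLE_DOCS, "sum")
    print("ab_sum values:", sums, "alert:", would_alert(sums, 0.9))
```

Running lint_runtime_field on the mapping posted earlier in the thread (type keyword, no emit) reports both problems, while the mapping from sum_script() passes; the local evaluation is only a model of the Painless scripts for reasoning about thresholds, not a substitute for testing the runtime field with a search against the index.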
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.