Kibana alert

Hi Team,
I am using Kibana alert rules, and I used the Elasticsearch query type.

```
{
  "query": {
    "bool": {
      "filter": {
        "script": {
          "script": """
            String alert = 'No alert';
            // Breach when endTime is more than 60000 ms after startTime.
            if (doc.containsKey('startTime') && doc['startTime'].size() > 0
                && doc.containsKey('endTime') && doc['endTime'].size() > 0
                && ((doc['endTime'].value.getMillis() - doc['startTime'].value.getMillis()) > 60000)) {
              alert = 'start end Threshold Breach';
            }
            // Breach when responseAt is more than 60000 ms after requestAt.
            if (doc.containsKey('requestAt') && doc['requestAt'].size() > 0
                && doc.containsKey('responseAt') && doc['responseAt'].size() > 0
                && ((doc['responseAt'].value.getMillis() - doc['requestAt'].value.getMillis()) > 60000)) {
              alert = 'request response Threshold Breach';
            }
            // Match the document only if one of the thresholds was breached.
            return (alert == 'start end Threshold Breach' || alert == 'request response Threshold Breach');
          """
        }
      }
    }
  }
}
```
What I need is to add the alert variable (start end Threshold Breach, request response Threshold Breach) in my action.
My document to index is like this:
```
{
  "alertAt": "{{context.date}}",
  "type": "test001",
  "message": """{{#context.hits}} Record Id is {{_id}}, Record createdAt {{_source.createdAt}} .
{{/context.hits}}"""
}
```
