Kibana - sentinl calculating alert

cemkuleyin · November 13, 2018, 11:24am

Hi everyone,

I want to create alert on sentinl. But i stucked.

In our case, we have two field, i want to calculate field1 / field2 and sent notification via email.

But i cannot do that. Our codes are,

input =>

{
"search": {
"request": {
"index": [
"graylog*"
],
"body": {
"size": 0,
"query": {
"bool": {
"filter": [
{
"range": {
"timestamp": {
"from": "now-5m",
"to": "now"
}
}
},
{
"term": {
"ctxt_status": "COMPLETE_SUCCESS"
}
}
]
}
},
"aggs": {
"1": {
"terms": {
"field": "ctxt_request_id"
}
},
"2": {
"terms": {
"field": "ctxt_request_id"
}
}
}
}
}
}
}

condition

{
"script": {
"source": "return (ctx.payload.1.hits.total / ctx.payload.2.hits.total) == 0"
}
}

actions email body

{{ctx.payload.aggregations.1.buckets.1.doc_count}} /{{ctx.payload.aggregations.1.buckets.2.doc_count}}

Please help me asap.

Thanks.

rashmi · November 13, 2018, 6:03pm

This is more of a watcher question. Pinging @spinscale for more insight.

Thanks
Rashmi

Christian_Dahlqvist · November 13, 2018, 7:46pm

Sentinl is third party plugin, so you may have a better chance of getting an answer if you contact the creators.

cemkuleyin · November 14, 2018, 6:29am

Thanks for answers. But i stucked.

@spinscale,

can you help me?

spinscale · November 26, 2018, 3:41pm

I agree with @Christian_Dahlqvist here to contact the creators in their github repository and ask how this works, as the mentioned extension is not developed/supported by Elastic.

Hope this helps and good luck!

system · December 24, 2018, 3:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.