Kibana watcher alert error

techrichit · July 15, 2019, 7:06pm

I am try to create a watcher alert for this I am trying to write a json logic to grep from kibana logs i am unsucessfull.

my requirement: I have three fields a_uniquejobid and b_status and c_timestamp.
from the logs i am trying to achieve : for every a_uniquejobid which has b_status "start" must have b_status "end" in 3 hours.

for each a_uniquejobid in the past 3 hours:
if exists b_status = "start" and not-exists b_status = "end"
then raise alert

Here is how my body look like.

"body": "{"query": {"bool": {"filter": [{"range": {"@c_timestamp": {"gte": "now-3h", "lte": "now"}}}],"must": [ {"match": {"a_uniquejobid": "start"}}],"must": [ {"match":{"b_status": NOT "end"}}]}}}"

this logic is not working for me can anyone help.
Alert part is working for me for basic query.

spinscale · August 1, 2019, 12:07pm

Hey,

at the core this is not a watcher question, but we need to have a proper search up and running first. Can you share some sample data and only the full search operation (including indices etc) that you are tring to and we'll go from there.

--Alex

system · August 29, 2019, 12:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Create Kibana Watcher alerts for certain conditions Kibana	4	450	May 1, 2020
Kibana watcher help Kibana elastic-stack-alerting	20	612	February 28, 2023
Elasticsearch indexes - watcher notifications Elasticsearch elastic-stack-alerting	9	1574	September 15, 2017
Watcher alert for matching multiple fields in same index Kibana elastic-stack-alerting	3	926	June 29, 2021
"condition" part example Kibana elastic-stack-alerting	2	257	July 21, 2020

Kibana watcher alert error

Related topics