Kibana watcher alert error

I am trying to create a Watcher alert for this. I am trying to write JSON logic to grep from Kibana logs, and I am unsuccessful.

My requirement: I have three fields, a_uniquejobid, b_status and c_timestamp.
From the logs I am trying to achieve: every a_uniquejobid which has b_status "start" must have b_status "end" within 3 hours.

for each a_uniquejobid in the past 3 hours:
if exists b_status = "start" and not-exists b_status = "end"
then raise alert

Here is what my body looks like.

```json
"body": "{
  "query": {
    "bool": {
      "filter": [
        {"range": {"@c_timestamp": {"gte": "now-3h", "lte": "now"}}}
      ],
      "must": [ {"match": {"a_uniquejobid": "start"}} ],
      "must": [ {"match": {"b_status": NOT "end"}} ]
    }
  }
}"
```

This logic is not working for me; can anyone help?
The alert part is working for me for a basic query.

Hey,

At the core this is not a Watcher question, but we need to have a proper search up and running first. Can you share some sample data and only the full search operation (including indices etc.) that you are trying to run, and we'll go from there.

--Alex
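The search the thread is asking for, as an added example that is not from the original post or from Elastic: the "start without end per job" rule cannot be expressed as a flat `must`/`must_not` on single documents, because "start" and "end" live in different documents. It has to be a per-job aggregation: a `terms` bucket per `a_uniquejobid`, two `filter` sub-aggregations counting "start" and "end" events, and a `bucket_selector` that keeps only buckets with at least one start and zero ends; the Watcher condition then fires when any bucket survives. The index pattern `job-logs-*`, the field name `c_timestamp` (without the `@` prefix), the `10m` schedule and the assumption that `a_uniquejobid` and `b_status` are mapped as `keyword` (use `b_status.keyword` if they are `text`) are all assumptions. The same logic is also evaluated locally over constructed sample documents so the query's behaviour can be checked offline, including the edge case the poster's own pseudocode implies: a "start" logged a few minutes ago is reported even though its 3 hours are not up yet.

```python
"""Added example (not from the thread): the per-job "start without end" check
expressed as (1) a Watcher definition whose search input uses a terms
aggregation plus bucket_selector, and (2) the same logic run locally over
constructed sample documents. Index pattern, field names and keyword mapping
are assumptions."""
from datetime import datetime, timedelta, timezone

WINDOW = "now-3h"  # the window used in the original question


def build_watch(indices=("job-logs-*",), window=WINDOW, interval="10m"):
    """Return a Watcher definition (as a dict) implementing:
    for each a_uniquejobid seen in the window, alert if it has a 'start'
    event but no 'end' event. Assumes a_uniquejobid and b_status are
    mapped as keyword and c_timestamp as date (all assumptions)."""
    search_body = {
        "size": 0,  # only the aggregation buckets are needed, not hits
        "query": {"bool": {"filter": [
            {"range": {"c_timestamp": {"gte": window, "lte": "now"}}},
            {"terms": {"b_status": ["start", "end"]}},
        ]}},
        "aggs": {"jobs": {
            "terms": {"field": "a_uniquejobid", "size": 10000},
            "aggs": {
                "starts": {"filter": {"term": {"b_status": "start"}}},
                "ends": {"filter": {"term": {"b_status": "end"}}},
                # keep only job buckets with >= 1 start and 0 ends
                "missing_end": {"bucket_selector": {
                    "buckets_path": {"starts": "starts._count",
                                     "ends": "ends._count"},
                    "script": "params.starts > 0 && params.ends == 0",
                }},
            },
        }},
    }
    return {
        "trigger": {"schedule": {"interval": interval}},
        "input": {"search": {"request": {
            "indices": list(indices), "body": search_body}}},
        # fire only when at least one job bucket survived the selector
        "condition": {"script": {"source":
            "return ctx.payload.aggregations.jobs.buckets.size() > 0"}},
        "actions": {"log_overdue": {"logging": {"text":
            "Jobs started without end in window: "
            "{{#ctx.payload.aggregations.jobs.buckets}}{{key}} "
            "{{/ctx.payload.aggregations.jobs.buckets}}"}}},
    }


def overdue_jobs(docs, now, window=timedelta(hours=3)):
    """Same logic as the aggregation, evaluated locally. docs is an iterable
    of dicts with keys a_uniquejobid, b_status and c_timestamp (aware
    datetime). Returns the sorted job ids that have a 'start' but no 'end'
    inside [now - window, now]."""
    lo = now - window
    counts = {}
    for d in docs:
        if not (lo <= d["c_timestamp"] <= now):
            continue  # outside the window, exactly like the range filter
        if d["b_status"] not in ("start", "end"):
            continue  # other statuses are dropped by the terms filter
        c = counts.setdefault(d["a_uniquejobid"], {"start": 0, "end": 0})
        c[d["b_status"]] += 1
    return sorted(j for j, c in counts.items()
                  if c["start"] > 0 and c["end"] == 0)


# Constructed sample data (not real logs). NOW is the evaluation instant.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)


def _doc(job, status, hour, minute):
    return {"a_uniquejobid": job, "b_status": status,
            "c_timestamp": NOW.replace(hour=hour, minute=minute)}


SAMPLE_DOCS = [
    _doc("job-A", "start", 11, 0),   # started and ended inside the window
    _doc("job-A", "end", 11, 30),
    _doc("job-B", "start", 10, 0),   # started 2h ago, no end: reported
    _doc("job-C", "start", 8, 0),    # started before the window: invisible
    _doc("job-D", "start", 8, 30),   # start outside window, end inside
    _doc("job-D", "end", 11, 45),    #   -> only an 'end' is seen, not reported
    _doc("job-E", "start", 11, 50),  # started 10 min ago: reported anyway
    _doc("job-E", "running", 11, 55),
]

if __name__ == "__main__":
    import json
    print(json.dumps(build_watch(), indent=2))
    print("overdue:", overdue_jobs(SAMPLE_DOCS, NOW))
```

Two caveats worth keeping in mind before deploying something like this. First, the poster's pseudocode ("in the past 3 hours, start exists and end does not") reports a job the moment its "start" arrives, as job-E shows; if the intent is "no end within 3 hours of the start", restrict the `starts` filter to `c_timestamp` older than `now-3h` and widen the outer range (for example `now-6h`) so the matching "end" is still inside the window. Second, job-C shows the opposite failure: a start that fell out of the window is never seen, so a watch that runs every 10 minutes must be scheduled more often than the window slides, or the alert for that job is missed entirely.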
