Kibana X-Pack Watcher Problem

cemkuleyin · November 30, 2018, 2:33pm

Hi everyone,

We want to subscribe xpack. Before the subscribe, we are testing it.

Our case,

we have a field of process status, we want to fired alarm for success rate. In field, "COMPLETE_SUCCESS" and "AUTHENTICATION_INIT" Our formula, count(COMPLETE_SUCCESS)/count(authentication_init).

Can you explain json format.

bryan_stuhlsatz · December 2, 2018, 6:01am

Json is a file format. You need to put your trigger, input, condition, etc, in that format for the watcher to execute. https://www.elastic.co/guide/en/x-pack/current/how-watcher-works.html

cemkuleyin · December 3, 2018, 7:17am

thanks for reply.

I create some part of alert. But i dont create condition. i have a two search, first and second. i want to calculate first/second (percentage) < 50% .

Can you examine this condition?

Kind Regards,

Cem

"trigger": {
"schedule": {
"interval": "10m"
}
},
"input": {
"chain": {
"inputs": [
{
"first": {
"search": {
"request": {
"indices": [
"graylog*"
],
"body": {
"query": {
"bool": {
"must": [
{
"match": {
"ctxt_page_name": "Thank You"
}
},
{
"range": {
"timestamp": {
"from": "now-5m",
"to": "now"
}
}
}
]
}
}
}
}
}
}
},
{
"second": {
"search": {
"request": {
"indices": [
"graylog*"
],
"types": ,
"body": {
"query": {
"bool": {
"must": [
{
"match": {
"ctxt_page_name": "Payment"
}
},
{
"range": {
"timestamp": {
"from": "now-5m",
"to": "now"
}
}
}
]
}
}
}
}
}
}
}
]
}
},
"condition": {
"script": {
"source": "return ((ctx.payload.first.hits.total / ctx.payload.second.hits.total)*100) < 50",
"lang": "painless"
}
},
"actions": {
"email_users": {
"email": {
"profile": "standard",
"attachments": {
"copy_of_search_results.txt": {
"data": {
"format": "json"
}
}
},
"priority": "high",
"to": [
"cem.kuleyin@enuygun.com"
],
"subject": "ELASTIC STACK ALERT: Payment processing issues in Application!",
"body": {
"html": "--Alerts Notification Details--
This alert triggered because a total of {{ctx.payload.first.hits.total}} timeout logs and {{ctx.payload.second.hits.total}} payment approvals were found in the application within the last ten minutes!

ALERT NAME: {{ctx.watch_id}}
Link to Kibana Dashboard: https://your.secure.link.here"
}
}
}
},
"throttle_period": "1h"
}

cemkuleyin · December 4, 2018, 11:11am

@bryan_stuhlsatz . please can you help me?

bryan_stuhlsatz · December 5, 2018, 5:42am

Sorry, you don't explain your problem. At first, you state "Can you explain Json?" Now you have your watcher rule, and say "can you help me?" Please state the problem you are having.

cemkuleyin · December 10, 2018, 12:02pm

im sorry. In our json, we are calculating two state, (first and second) i want to calculate first/second for alert. But i cannot calculate it.

is it enough for you? @bryan_stuhlsatz

system · January 7, 2019, 12:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Watcher alert not working for multiple query with percentage calculation Kibana elastic-stack-alerting	3	885	October 13, 2020
Watcher - Divide two input in advanced alert Elasticsearch	1	693	January 15, 2019
Watcher Kibana : How can i use double condition in a "compare" Elasticsearch elastic-stack-alerting	7	6220	April 4, 2019
Create Kibana Watcher alerts for certain conditions Kibana	4	484	May 1, 2020
Watcher setting up alerts for kibana dashboard Kibana	2	452	November 20, 2019

Kibana X-Pack Watcher Problem

Related topics