I am try to do the calculate of the condition part in watcher.
But I have no idea how to do it .
For logstash monitoring index, there have a doc.logstash_stats.events.in and doc.logstash_stats.events.out.
How could I do subtraction between this to value and that is the value is less than 1000 or something, then return true?
Finally, I solved the problem.
use script field to create a new field
than just use compare in the condition
hey,
so script fields will have a considerable performance difference compared to a script condition - and they also solve a different problem.
If you dont spent some time on explaining your use-case, it will be hard to help.
Also, please refrain from using screenshots, as many people cannot see them (and you cannot paste it into a kibana instance and test it out yourself).
Thanks!
--Alex
Hi @spinscale ,
There have two field named "logstash_stats.events.in" and "logstash_stats.events.out" in the .monitoring-logstash index.
I would like to calculate the gap of in and out to make there have no data missing.
But actually I tried to do the subtraction in the condition, but still cannot get it done.
So I try to use script field, also cannot get it.
Here is my code:
{
"trigger": {
"schedule": {
"interval": "10s"
}
},
"input": {
"http": {
"request": {
"host": "localhost",
"port": 9200,
"path": "/<.monitoring-logstash-6-{now%2Fd}>/_search",
"body" : "{"query":{"match_all":{}},"script_fields":{"logstash_stats.events.gap":{"script":"doc['logstash_stats.events.in'].value - doc['logstash_stats.events.out'].value"}},"size":1,"sort":[{"logstash_stats.timestamp":{"order":"desc"}}]}"
}
}
},
"condition": {
"compare" : {
"ctx.payload.hits.hits.0._source.logstash_stats.events.gap" : {
"gt" : "1000"
}
}
},
"actions": {
"email_administrator" : {
"email" : {
"to" : "test@mail.com",
"subject" : "test",
"body" : "test",
"priority" : "high"
}
}
}
}
But the result of gap is null
"condition": {
"type": "compare",
"status": "success",
"met": false,
"compare": {
"resolved_values": {
"ctx.payload.hits.hits.0._source.logstash_stats.events.gap": null
}
}
}
Do you have any idea or suggestion about this?
If you want to access a scripted field in the condition, you need to use the correct path.
A reply of a script fields looks a bit different
"hits": [
{
"_index": ".watcher-history-3-2017.10.23",
"_type": "watch_record",
"_id": "e4ZR1JpWQUCr7cFWH8l77Q_kibana_version_mismatch_41b24cc8-6269-45de-8252-6ecb593dcf29-2017-10-23T00:00:44.952Z",
"_score": 1,
"fields": {
"foo": [
"e4ZR1JpWQUCr7cFWH8l77Q_kibana_version_mismatch"
]
}
},
{
...
so you would need to use ctx.payload.hits.hits.0.fields.foo.0 in this example.
--Alex
Already solved the problem
Thanks.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.