Hello team,
Need your help to configure alert to get 'percentage' using total payload hits. Attached configuration for the same. Kindly help to get 'percentage' count based on 'total hits' from the watcher result.
Details from attached config(aggregations used):
-
"group_by" aggregation to get count of respective status_codes.
-
"date_range" to get count for different timestamp range
-
"percent bucket script" to get percentage of count from different timestamp w.r.t status_code
Pending:
- Need Total Count (ctx.payload.hits.total or doc_count sum) for respective timestamp range to be used to calculate percentage
Ex. TwentyFourHour/TotalCount * 100
Expected Output:
Script:
PUT _watcher/watch/CHS-Retail-Status-Code-Percent
{
"trigger": {
"schedule": {
"interval": "24h"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"digital-chs-*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 100,
"_source": [
"@timestamp",
"URL",
"Status_Code"
],
"query": {
"bool": {
"must": [],
"filter": [
{
"bool": {
"should": [
{
"query_string": {
"fields": [
"URL.keyword"
],
"query": """*\/hosted\/retail\/web\-service\/rest\/hostedpos\/validatePartnerDetails"""
}
}
],
"minimum_should_match": 1
}
},
{
"range": {
"@timestamp": {
"gte": "now-24h",
"lte": "now",
"format": "strict_date_optional_time"
}
}
}
],
"should": [],
"must_not": []
}
},
"aggs": {
"group_by_statuscode": {
"terms": {
"field": "Status_Code.keyword"
},
"aggs": {
"range": {
"date_range": {
"field": "@timestamp",
"format": "H",
"ranges": [
{
"key": "twentyfour_hour",
"from": "now-24h",
"to": "now"
},
{
"key": "twoweek_prior",
"from": "now-15d",
"to": "now-14d"
}
],
"keyed": true
}
},
"percent1": {
"bucket_script": {
"buckets_path": {
"TwentyFourHour": "range['twentyfour_hour']>_count",
"TwoWeekPrior": "range['twoweek_prior']>_count"
},
"script": "if (params.TwentyFourHour == 0) {0} else {(params.TwentyFourHour/params.TwentyFourHour)*100}"
}
},
"percent2": {
"bucket_script": {
"buckets_path": {
"TwentyFourHour": "range['twentyfour_hour']>_count",
"TwoWeekPrior": "range['twoweek_prior']>_count"
},
"script": "if (params.TwoWeekPrior == 0) {0} else {(params.TwoWeekPrior/params.TwoWeekPrior)*100}"
}
}
}
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"actions": {
"my-logging-action": {
"logging": {
"level": "info",
"text": "There are {{ctx.payload.hits.total}} documents in your index. Threshold is 0."
}
},
"send_email": {
"email": {
"profile": "standard",
"from": "DonotReply-ELK-Prod@westernunion.com",
"to": [
"Shivani.Alande@wu.com"
],
"subject": "LBP Retail || Last 24 hrs Status Code Report",
"body": {
"html": """
<html>
<head>
</head>
<body>
<h>
200 --> Status OK (The request has succeeded)
<br>
302 --> Temporarily moved (This response code means that the URI of requested resource has been changed temporarily)
<br>
400 --> Bad Request (The server could not understand the request due to invalid syntax)
<br>
401 --> Unauthorized (client must authenticate itself to get the requested response)
<br>
404 --> Not Found (The server can not find the requested resource)
<br>
500 --> Internal Server Error (The server has encountered a situation it doesn't know how to handle)
<br>
502 --> Bad Gateway (Server got an invalid response)
<br>
503 --> Service unavailable (The server is not ready to handle the request)
<br>
504 --> Gateway timeout (Server cannot get a response in time)
<br>
For more information on HTTP Status code please refer below link : <A href=
"https://developer.mozilla.org/en-US/docs/Web/HTTP/Status"> https://developer.mozilla.org/en-US/docs/Web/HTTP/Status </A>
</h>
<br>
<br>
<A href="https://ProdURL"> Click here to View Result </A>
<br>
<br>
<table border="1";
style="background-color: lemonchiffon;
border: gray;
width: 100%;
padding: 16px;
text-align: left;
border-collapse: collapse;">
<tr>
<th>Status Code</th>
<th>LastTwentyFourHourCount</th>
<th>TwoWeekPriorCount</th>
<th>Percent1</th>
<th>Percent2</th>
</tr>
{{#ctx.payload.aggregations.group_by_statuscode.buckets}}
<tr>
<td>{{key}}</td>
<td>{{range.buckets.twentyfour_hour.doc_count}}</td>
<td>{{range.buckets.twoweek_prior.doc_count}}</td>
<td>{{percent1.value}}</td>
<td>{{percent2.value}}</td>
</tr>
{{/ctx.payload.aggregations.group_by_statuscode.buckets}}
</table>
</body>
</html>
"""
}
}
}
}
}