Hi everyone! I have text configured alert send watcher to email. However it is seem wrong text and not condition met send to email:
code:
{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"logs-*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"bool": {
"filter": [
{
"range": {
"datum": {
"gte": "now-1m"
}
}
},
{
"match": {
"httpResponseCode": 200
}
}
]
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gte": 25
}
}
},
"actions": {
"my-logging-action": {
"logging": {
"level": "info",
"text": "There are {{ctx.payload.hits.total}} documents in your index. Threshold is 10."
}
},
"email_admin": {
"email": {
"profile": "standard",
"to": [
"abc@xyz.com.vn"
],
"subject": "HTTP Request Status Code Alert",
"body": {
"text": "The HTTP request status code is {{ctx.payload.status}}"
}
}
}
}
}
Output
{ "watch_id": "57a57a96-cbc0-45e9-9b21-8d5bd21bdff3", "node": "5rGdY0izQn29pSSYCdQqsw", "state": "execution_not_needed", "@timestamp": "2023-10-23T04:06:19.232Z", "user": "elastic", "status": { "state": { "active": true, "timestamp": "2023-10-23T03:59:53.556Z" }, "last_checked": "2023-10-23T04:06:19.232Z", "actions": { "email_admin": { "ack": { "timestamp": "2023-10-23T03:59:53.556Z", "state": "awaits_successful_execution" } }, "my-logging-action": { "ack": { "timestamp": "2023-10-23T03:59:53.556Z", "state": "awaits_successful_execution" } } }, "execution_state": "execution_not_needed", "version": -1 }, "trigger_event": { "type": "schedule", "triggered_time": "2023-10-23T04:06:19.232Z", "schedule": { "scheduled_time": "2023-10-23T04:06:18.852Z" } }, "input": { "search": { "request": { "search_type": "query_then_fetch", "indices": [ "logs-*" ], "rest_total_hits_as_int": true, "body": { "size": 0, "query": { "bool": { "filter": [ { "range": { "datum": { "gte": "now-1m" } } }, { "match": { "httpResponseCode": 200 } } ] } } } } } }, "condition": { "compare": { "ctx.payload.hits.total": { "gte": 25 } } }, "metadata": { "xpack": { "type": "json" } }, "result": { "execution_time": "2023-10-23T04:06:19.232Z", "execution_duration": 1, "input": { "type": "search", "status": "success", "payload": { "_shards": { "total": 38, "failed": 0, "successful": 38, "skipped": 0 }, "hits": { "hits": [], "total": 0, "max_score": null }, "took": 0, "timed_out": false }, "search": { "request": { "search_type": "query_then_fetch", "indices": [ "logs-*" ], "rest_total_hits_as_int": true, "body": { "size": 0, "query": { "bool": { "filter": [ { "range": { "datum": { "gte": "now-1m" } } }, { "match": { "httpResponseCode": 200 } } ] } } } } } }, "condition": { "type": "compare", "status": "success", "met": false, "compare": { "resolved_values": { "ctx.payload.hits.total": 0 } } }, "actions": [] }, "messages": [] }
Please help me process problem it. Thank everyone very much