Payload: filters and counts result

Hi everyone,

I'm trying to develop a simple watcher to count the number of errors and warnings by reading my application log.
Everything works well, but I'm not able to recognise which are errors and which are warnings in the payload result.

Could someone help me?
Thanks in advance.

Matteo

Hey @mdavi

What does your index mapping look like? If you don't have a dedicated field for log severity, then it might be worthwhile to create one. Both Logstash and Beats can parse log files, and you can teach them how to determine the severity before you send the payload to Elasticsearch. If you're using a common logging format (for example, apache or nginx logs), then you can get that set up with very little effort.

Hi @Larry_Gregory,

thank you for the reply.
I'm using Logstash and I have a field for log severity.
Here below you can find a snippet of code in which I define an action email.
In the body of the email I would like to write the number of Warnings and Errors.
Is it possible? How?

Thanks in advance.
Matteo.

"actions": {
  "email_admin": {
    "email": {
      "stateless": false,
      "to": "emailto@domain.com",
      "from": "emailfrom@domain.com",
      "subject": "Alarm",
      "priority": "high",
      "body": "Found {{payload.hits.total.WARNINGS}} Warnings \r\n Found {{payload.hits.total.ERRORS}} Errors"
    }
  }
}

I'd need to see the index mapping and query you are using to give you a definitive answer, but in order to access the payload within the body, you'll likely need to prefix it with ctx: ctx.payload.hits.total ...

Hi @Larry_Gregory,

Here below you can find the query.
In the first part I filter the environment (Test).
In the second part I create 3 adjacency matrices (one for each of my applications) and I would like to read the number of errors/warnings/information messages contained.
Is it possible? How?

GET /_search
{
  "query": {
    "bool": {
      "must": [
        { "match": { "fields.EnvironmentName": "TEST" } }
      ]
    }
  },
  "aggs": {
    "interactions": {
      "adjacency_matrix": {
        "filters": {
          "App1": { "match": { "fields.ApplicationName": "App1" } },
          "App2": { "match": { "fields.ApplicationName": "App2" } },
          "App3": { "match": { "fields.ApplicationName": "App3" } }
        }
      },
      "aggs": {
        "levels": {
          "filters": {
            "filters": {
              "errors":   { "match": { "level": "Error" } },
              "warnings": { "match": { "level": "Warning" } }
            }
          }
        }
      }
    }
  }
}
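As an added example (not from the thread or from Elastic), this walks a constructed payload of the shape the search above produces when it runs as the watch input, and builds the per-application email body; the bucket names, the "levels" sub-aggregation and the sample counts are assumptions.

```python
import json

# Constructed sample payload (not from the thread): ctx.payload as returned by
# the adjacency_matrix search above, each app bucket carrying a "levels"
# filters sub-aggregation. hits.total is a plain number here (6.x shape).
SAMPLE_PAYLOAD = json.loads("""
{
  "hits": {"total": 10},
  "aggregations": {"interactions": {"buckets": [
    {"key": "App1", "doc_count": 5,
     "levels": {"buckets": {"errors": {"doc_count": 2}, "warnings": {"doc_count": 3}}}},
    {"key": "App2", "doc_count": 1,
     "levels": {"buckets": {"errors": {"doc_count": 0}, "warnings": {"doc_count": 1}}}},
    {"key": "App3", "doc_count": 3,
     "levels": {"buckets": {"errors": {"doc_count": 3}, "warnings": {"doc_count": 0}}}},
    {"key": "App1&App2", "doc_count": 1,
     "levels": {"buckets": {"errors": {"doc_count": 1}, "warnings": {"doc_count": 0}}}}
  ]}}
}
""")


def count_levels(payload):
    """Return {app: {"errors": n, "warnings": n}} from
    ctx.payload.aggregations.interactions.buckets. adjacency_matrix also emits
    intersection buckets ("App1&App2") when a document matches two filters;
    the ApplicationName filters should be exclusive, so those are skipped."""
    counts = {}
    for bucket in payload["aggregations"]["interactions"]["buckets"]:
        if "&" in bucket["key"]:
            continue
        levels = bucket["levels"]["buckets"]
        counts[bucket["key"]] = {
            "errors": levels["errors"]["doc_count"],
            "warnings": levels["warnings"]["doc_count"],
        }
    return counts


def render_body(payload):
    """Email body, one line per app. The Mustache equivalent in the action is
    {{#ctx.payload.aggregations.interactions.buckets}}{{key}}: {{levels.buckets.errors.doc_count}} Errors,
    {{levels.buckets.warnings.doc_count}} Warnings{{/ctx.payload.aggregations.interactions.buckets}}"""
    lines = [f"Found {payload['hits']['total']} TEST log entries"]
    for app, c in count_levels(payload).items():
        lines.append(f"{app}: {c['errors']} Errors, {c['warnings']} Warnings")
    return "\r\n".join(lines)
```

A non-empty intersection bucket means one document matched two application filters, which is worth checking in the data rather than silently adding to a count.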
