I would like to build an Alert (Watch) on the monitoring data produced by Logstash. An abbreviated sample of the logstash_stats data is below. I am interested in building a query that returns a result when logstash_stats.pipelines[0].queue.events_count is greater than X. So far I've been unable to write a query that accepts the logstash_stats.pipelines[0] array-index syntax.
{
"_index": ".monitoring-logstash-6-2019.03.11",
"_type": "doc",
"_id": "y9TJamkBWbgJUsLE8joK",
"_score": 3.6381288,
"_source": {
"cluster_uuid": "Gmvza0htSEKw4GfM6sUKXQ",
"timestamp": "2019-03-11T03:26:53.448Z",
"interval_ms": 1000,
"type": "logstash_stats",
"source_node": {...}
},
"logstash_stats": {
"timestamp": "2019-03-11T03:26:53.438Z",
"pipelines": [
{
"ephemeral_id": "d80e58cb-e13f-4b1b-aa3c-e7f7821cd0e2",
"queue": {
"type": "persisted",
"events_count": 60   <-- I want to be able to query this for a number greater than X
},
"id": "main",
"reloads": {
"failures": 0,
"successes": 0
},
"hash": "8870edd63dd058e41cf8bf803c2dbd1f615b1bad9400c57958de516f8ed2661c"
}
],
"queue": {
"events_count": 60
}
}
}
}