Hi, do you have any idea how I can remove empty buckets from my response?
My query looks like this:
GET kubernetes-prod-metrics/_search
{
"_source": [
"@timestamp",
"kubernetes.namespace",
"kubernetes.container.name",
"kubernetes.pod.name",
"kubernetes.container.status.restarts",
"metricset.module",
"metricset.name"
],
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now/m-60m",
"lt": "now/m-1m"
}
}
}
],
"filter": [
{
"term": {
"metricset.module": "kubernetes"
}
},
{
"term": {
"kubernetes.namespace": "ccsm-prod"
}
},
{
"term": {
"metricset.name": "state_container"
}
},
{
"exists": {
"field": "kubernetes.container.status.restarts"
}
}
]
}
},
"size": 0,
"aggs": {
"pod": {
"terms": {
"field": "kubernetes.pod.name",
"size": 100
},
"aggs": {
"container": {
"terms": {
"field": "kubernetes.container.name",
"size": 100
},
"aggs": {
"min": {
"min": {
"field": "kubernetes.container.status.restarts"
}
},
"max": {
"max": {
"field": "kubernetes.container.status.restarts"
}
},
"result": {
"bucket_script": {
"buckets_path": {
"min": "min",
"max": "max"
},
"script": "params.max-params.min"
}
},
"restart": {
"bucket_selector": {
"buckets_path": {
"result": "result"
},
"script": "params.result>0"
}
}
}
}
}
}
}
}
And this is the result:
{
"took" : 1421,
"timed_out" : false,
"_shards" : {
"total" : 126,
"successful" : 126,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 3363,
"relation" : "eq"
},
"max_score" : null,
"hits" : [ ]
},
"aggregations" : {
"pod" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "ccsm-api-585dcb79d5-8gscr",
"doc_count" : 59,
"container" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [ ]
}
},
{
"key" : "ccsm-api-585dcb79d5-dkjbx",
"doc_count" : 59,
"container" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [ ]
}
},
{
"key" : "ccsm-adapter-8485496bcd-8ctzq",
"doc_count" : 59,
"container" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [ ]
}
},
...
}
}
}
If the condition in the bucket selector is true, the response looks like this:
{
"took" : 202,
"timed_out" : false,
"_shards" : {
"total" : 126,
"successful" : 126,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 3363,
"relation" : "eq"
},
"max_score" : null,
"hits" : [ ]
},
"aggregations" : {
"pod" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "ccsm-api-585dcb79d5-8gscr",
"doc_count" : 59,
"container" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "ccsm-api",
"doc_count" : 59,
"min" : {
"value" : 0.0
},
"max" : {
"value" : 0.0
},
"result" : {
"value" : 0.0
}
}
]
}
},
{
"key" : "ccsm-api-585dcb79d5-dkjbx",
"doc_count" : 59,
"container" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "ccsm-api",
"doc_count" : 59,
"min" : {
"value" : 1.0
},
"max" : {
"value" : 1.0
},
"result" : {
"value" : 0.0
}
}
]
}
},
{
"key" : "ccsm-adapter-8485496bcd-8ctzq",
"doc_count" : 59,
"container" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "ccsm-adapter",
"doc_count" : 59,
"min" : {
"value" : 0.0
},
"max" : {
"value" : 0.0
},
"result" : {
"value" : 0.0
}
}
]
}
},
...
}
}
}
I would like to get aggregations.pod.buckets.length() and use it in the condition of an alarm that fires if there is any restarting container, so I need to remove the empty container.buckets. Do you have any idea how to do that?
Best, Patryk