Search a string in Kibana

sree3 · September 15, 2022, 3:19am

Hi,
We could see below custom message from one of the indices. I'm trying to filter a string "heap.memory.used/total=7" so that an action can triggered if the used heap memory used greater than 9*%. Every time if is try search for “heap.memory.used/total=7*” i am unable to get any data.

Could someone please help how i could filter out messages in Kibana UI that got "heap.memory.used/total=7*"

"message": "2022-09-15 03:12:09,444 INFO processors=4, physical.memory.total=22.0G, physical.memory.free=9.0G, swap.space.total=0, swap.space.free=0, heap.memory.used=8.6G, heap.memory.free=3.0G, heap.memory.total=11.6G, heap.memory.max=11.6G, heap.memory.used/total=73.91%, heap.memory.used/max=73.91%, minor.gc.count=336, minor.gc.time=58697ms, major.gc.count=32, major.gc.time=246809ms, load.process=0.45%, load.system=0.60%, load.systemAverage=1.56,
},

sree3 · September 15, 2022, 7:33am

{
  "trigger": {
    "schedule": {
      "interval": "2m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "applications-*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 1,
          "query": {
            "bool": {
              "must": [
                {
                  "match": {
                    "message": {
                      "query": "heap.memory.used/total=9*.**%",
                      "operator": "and"
                    }
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-30m"
                    }
                  }
                }
              ]
            }
          },
          "_source": [
            "message",
            "beat.name"
          ]
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 0
      }
    }
  },
  "actions": {
    "email_me": {
      "email": {
        "profile": "standard",
        "priority": "high",
        "to": [
          "test@abc.com"
        ],
        "subject": " [Heap Memory]",
        "body": {
          "text": "Message = {{ctx.payload.hits.hits.0._source.message}}"
        }
      }
    }
  },
  "metadata": {
    "color": "red"
  },
  "throttle_period_in_millis": 900000
}

I'm trying at alert if memory usage is greater than 90% but above watcher is not working if i used "query": "heap.memory.used/total=9*.**%"

Could someone please help
Thanks

sree3 · September 15, 2022, 11:01am

In Kibana URL, i could able to get the expected results by using the below command

"heap.memory.used/total" and message : 9*

Someone please help me how i can add above search term in watcher alert

Topic		Replies	Views
Search for a variable string in Kibana Kibana elastic-stack-alerting	1	438	December 12, 2018
Create Kibana Watcher alerts for certain conditions Kibana	3	509	April 3, 2020
Kibana Alerts Kibana elastic-stack-alerting	12	801	December 4, 2020
Alert based on content of message Elasticsearch	2	1212	August 15, 2018
Create a watcher alert - extract a field and to compare Kibana elastic-stack-alerting	2	385	September 15, 2022

Search a string in Kibana

Related topics