I am looking to send only the error message generated during an watcher check to victorops. But the victorops Json is not accepting multiple entities . Looking for a way to pass only the error message as ctx.payload. I tried using transform and it failed needed help on creating the right output to victorops.
adding the watcher details:-
"trigger": {
"schedule": {
"interval": "10m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"apm-test*”
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"bool": {
"filter": [
{
"term": {
"service.name": "{{ctx.metadata.serviceName}}"
}
},
{
"term": {
"processor.event": "error"
}
},
{
"range": {
"@timestamp": {
"gte": "now-{{ctx.metadata.timeRangeValue}}{{ctx.metadata.timeRangeUnit}}"
}
}
}
]
}
},
"aggs": {
"error_groups": {
"terms": {
"min_doc_count": "{{ctx.metadata.threshold}}",
"field": "error.grouping_key",
"size": 10,
"order": {
"_count": "desc"
}
},
"aggs": {
"sample": {
"top_hits": {
"_source": [
"error.log.message",
"error.exception.message",
"error.exception.handled",
"error.culprit",
"error.grouping_key",
"@timestamp"
],
"sort": [
{
"@timestamp": "desc"
}
],
"size": 1
}
}
}
}
}
}
}
}
},
"condition": {
"script": {
"source": "return ctx.payload.aggregations.error_groups.buckets.length > 0",
"lang": "painless"
}
},
"actions": {
"log_error": {
"logging": {
"level": "info",
"text": "Your service "{{ctx.metadata.serviceName}}" has error groups which exceeds {{ctx.metadata.threshold}} occurrences within "{{ctx.metadata.timeRangeValue}}{{ctx.metadata.timeRangeUnit}}"
{{#ctx.payload.aggregations.error_groups.buckets}}
{{sample.hits.hits.0._source.error.log.message}}{{^sample.hits.hits.0._source.error.log.message}}{{sample.hits.hits.0._source.error.exception.0.message}}{{/sample.hits.hits.0._source.error.log.message}}
{{sample.hits.hits.0._source.error.culprit}}{{^sample.hits.hits.0._source.error.culprit}}N/A{{/sample.hits.hits.0._source.error.culprit}}
{{doc_count}} occurrences
{{/ctx.payload.aggregations.error_groups.buckets}}"
}
},
"victorops": {
"webhook": {
"scheme": "https",
"host": "alert.victorops.com",
"port": 443,
"method": "post",
"path": "/integrations/generic/somecode/alert/$key/$routingkey“,
"params": {},
"headers": {
"Content-type": "application/json"
},
"body": "json::{"text":"message_type": "CRITICAL","monitoring_tool": "Elastic Watcher","entity_id": "prod","entity_display_name": "apm","state_message": " apm has generated alerts","elastic_watcher_payload": {{#toJson}}ctx.payload{{/toJson}} }"
}
}
},
"metadata": {
"emails": ,
"timeRangeValue": 10,
"threshold": 1,
"trigger": "This value must be changed in trigger section",
"serviceName": "apm",
"timeRangeUnit": "m"
}
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.