Unable to print CPU usage values in Watcher email alert

AjitR · February 4, 2019, 5:34am

Hi All,
I am new to Elastic (v. 6.5) and got stuck in watcher email alert. I have below two issues,

Email is printing only server names and not its cpu usage.

Threshold filter of 70% not getting applied.
Any help is highly appreciated.

PUT _xpack/watcher/watch/DU-test
{
"trigger": {
"schedule": {
"interval": "60m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"metricbeat-*"
],
"types": ,
"body": {
"size": 0,
"query": {
"bool": {
"filter": {
"range": {
"@timestamp": {
"gte": "now-15m",
"lte": "now",
"format": "epoch_millis"
}
}
},
"should": [
{
"match_phrase": {
"host.name": "app08"
}
},
{
"match_phrase": {
"host.name": "app09"
}
},
{
"match_phrase": {
"host.name": "app10"
}
}
],
"minimum_should_match": 1
}
},
"aggs": {
"bucketAgg": {
"terms": {
"field": "host.name",
"size": 10,
"order": {
"metricAgg": "desc"
}
},
"aggs": {
"metricAgg": {
"max": {
"field": "system.cpu.system.pct"
}
}
}
}
}
}
}
}
},
"condition": {
"script": {
"lang": "painless",
"source": "ArrayList arr = ctx.payload.aggregations.bucketAgg.buckets; for (int i = 0; i < arr.length; i++) { if (arr[i]['metricAgg'].value > params.threshold) { return true; } } return false;",

   "params": {
     "threshold": 0.70
   }
 }

},
"actions": {
"email_1": {
"email": {
"profile": "standard",
"priority": "high",
"to": [ "xyz@ab.com" ],
"subject": "CPU Details",
"body": {
"html": "Below are details:

#ctx

{{key}}

"
}
}
}
},
"metadata": {
"color": "red"
}
}

-------------------------Dev Tools----Trimmed -Output----------------------------------------

   "result" : {
   "execution_time" : "2019-02-04T04:56:47.962Z",
   "execution_duration" : 146,
   "input" : {
     "type" : "search",
     "status" : "success",
     "payload" : {
       "_shards" : {
         "total" : 33,
         "failed" : 0,
         "successful" : 33,
         "skipped" : 0
       },
       "hits" : {
         "hits" : [ ],
         "total" : 4304,
         "max_score" : 0.0
       },
       "took" : 3,
       "timed_out" : false,
       "aggregations" : {
         "bucketAgg" : {
           "doc_count_error_upper_bound" : 0,
           "sum_other_doc_count" : 0,
           "buckets" : [
             {
               "doc_count" : 1503,
               "metricAgg" : {
                 "value" : 0.847
               },
               "key" : "app09"
             },
             {
               "doc_count" : 1440,
               "metricAgg" : {
                 "value" : 0.618
               },
               "key" : "app10"
             },
             {
               "doc_count" : 1361,
               "metricAgg" : {
                 "value" : 0.516
               },
               "key" : "app08"
             }
           ]
         }
       }
     },
  #trimmed
   "condition" : {
     "type" : "script",
     "status" : "success",
     "met" : true
   },
   "actions" : [
     {
       "id" : "email_1",
       "type" : "email",
       "status" : "success",
       "email" : {
         "account" : "standard",
         "message" : {
           "id" : "email_1_DU-test_f982fcbb-b04f-40f7-b494-7abb6948842e-2019-02-04T04:56:47.962Z",
           "from" : "xyz@abc.com",
           "priority" : "high",
           "sent_date" : "2019-02-04T04:56:47.966Z",
           "to" : [
             "xyz@ab.com"
           ],
           "subject" : "CPU Details",
           "body" : {
             "html" : "Found events matching Open Source: <ul><li>app09</li><li>app10</li><li>app08</li></ul>"
           }
         }
       }
     }
   ]
 },
 "messages" : [ ]

}
}

system · March 4, 2019, 5:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.