Want System memory usage to be come in Percentile form

Elastic Stack Elasticsearch
1

Hello,
I have set an advance watcher to get System memory usage of an Instance via mail, but I am getting the response as Watch [{0={value=0.7806375838926162, key=wp-bookopidia-prod-vm}}] has exceeded the threshold via email alert.

But I want the content via email to be - bookopidia-prod-vm has exceeded the memory by 70% or the actual result in percentage.

This is the JSON for the watch that I've configured:

{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"metricbeat-wp-"
],
"types": [],
"body": {
"size": 0,
"query": {
"bool": {
"filter": {
"range": {
"@timestamp": {
"gte": "{{ctx.trigger.scheduled_time}}||-1d",
"lte": "{{ctx.trigger.scheduled_time}}",
"format": "strict_date_optional_time||epoch_millis"
}
}
}
}
},
"aggs": {
"bucketAgg": {
"terms": {
"field": "beat.hostname",
"size": 50,
"order": {
"metricAgg": "desc"
}
},
"aggs": {
"metricAgg": {
"avg": {
"field": "system.memory.used.pct"
}
}
}
}
}
}
}
}
},
"condition": {
"script": {
"source": "ArrayList arr = ctx.payload.aggregations.bucketAgg.buckets; for (int i = 0; i < arr.length; i++) { if (arr[i]['metricAgg'].value > params.threshold) { return true; } } return false;",
"lang": "painless",
"params": {
"threshold": 0.7
}
}
},
"actions": {
"email_1": {
"email": {
"account": "gmail_account",
"profile": "gmail",
"to": [
"maxjohnson968@gmail.com"
],
"subject": "Host has exceeded the threshold",
"body": {
"text": "Watch [{{ctx.payload.results}}] has exceeded the threshold"
}
}
}
},
"metadata": {
"watcherui": {
"trigger_interval_unit": "m",
"agg_type": "avg",
"time_field": "@timestamp",
"trigger_interval_size": 1,
"term_size": 50,
"time_window_unit": "d",
"threshold_comparator": ">",
"term_field": "beat.hostname",
"index": [
"metricbeat-wp-"
],
"time_window_size": 1,
"threshold": 0.7,
"agg_field": "system.memory.used.pct"
}
},
"transform": {
"script": {
"source": "HashMap result = new HashMap(); ArrayList arr = ctx.payload.aggregations.bucketAgg.buckets; ArrayList filteredHits = new ArrayList(); for (int i = 0; i < arr.length; i++) { HashMap filteredHit = new HashMap(); filteredHit.key = arr[i].key; filteredHit.value = arr[i]['metricAgg'].value; if (filteredHit.value > params.threshold) { filteredHits.add(filteredHit); } } result.results = filteredHits; return result;",
"lang": "painless",
"params": {
"threshold": 0.7
}
}
}
}

Please help

2

Perhaps just modify the text to use Mustache notation to loop through the result array:

          "text": "The following hosts have exceeded the threshold:\n{{#ctx.payload.results}}{{key}}:{{value}}\n{{/ctx.payload.results}}"

This would yield something like:

The following hosts have exceeded the threshold:
host1:0.8676520305709595
host2:0.71281805909704554
3

Thank-you so much Rich for the prompt reply, it is very helpful but I want the threshold to come in percentile.
I want hosts have exceeded the threshold:
host1:0.8676520305709595 to be like host1: 80%

Is there any way to convert the decimal value to % value.

Thanx

4

Do the rounding in the transform:

      "transform": {
"script": {
"source": "HashMap result = new HashMap(); ArrayList arr = ctx.payload.aggregations.bucketAgg.buckets; ArrayList filteredHits = new ArrayList(); for (int i = 0; i < arr.length; i++) { HashMap filteredHit = new HashMap(); filteredHit.key = arr[i].key; filteredHit.value = Math.round(arr[i]['metricAgg'].value*100); if (filteredHit.value > params.threshold) { filteredHits.add(filteredHit); } } result.results = filteredHits; return result;",
"lang": "painless",
"params": {
"threshold": 70
}
}
}
6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.