Watch docker container up or down

I am trying to create a watch to alert if one or more of a list of specific containers is down. I already use Metricbeat to gather the Docker container metrics. I need help defining this watch. It is not so simple :)

Thanks in advance!

Maybe you can share the watch you came up with so far and the output of the execute watch API so we can start debugging step by step?

--Alex

This is what I do for the moment.

{
  "trigger": {
    "schedule": {
      "interval": "5m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "metricbeat-*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "must": [
                {
                  "match_phrase": {
                    "container.name": {
                      "query": "myspecifycontainer"
                    }
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "format": "strict_date_optional_time",
                      "gte": "now-5m/m",
                      "lt": "now/m"
                    }
                  }
                }
              ],
              "filter": [
                {
                  "bool": {
                    "should": [
                      {
                        "match_phrase": {
                          "docker.healthcheck.status": "healthy"
                        }
                      }
                    ],
                    "minimum_should_match": 1
                  }
                }
              ],
              "should": [],
              "must_not": []
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 10
      }
    }
  },
  "actions": {
    "my-logging-action": {
      "logging": {
        "level": "info",
        "text": "My Query is not healthy."
      }
    }
  }
}
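An added example, not part of the original posts: one way to express "alert if any container from a fixed list has no healthy report in the window". It aggregates on `container.name` and compares the buckets seen with the expected list. The container names are placeholders, and it assumes `container.name` is mapped as a keyword field and that every listed container has a Docker healthcheck defined.

```json
{
  "metadata": {
    "note": "constructed example; container names are placeholders",
    "expected": ["example-container-a", "example-container-b"]
  },
  "trigger": { "schedule": { "interval": "5m" } },
  "input": {
    "search": {
      "request": {
        "indices": ["metricbeat-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "terms": { "container.name": ["example-container-a", "example-container-b"] } },
                { "match_phrase": { "docker.healthcheck.status": "healthy" } },
                { "range": { "@timestamp": { "gte": "now-5m/m", "lt": "now/m" } } }
              ]
            }
          },
          "aggs": {
            "seen": { "terms": { "field": "container.name", "size": 100 } }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "return ctx.payload.aggregations.seen.buckets.size() < ctx.metadata.expected.size()"
    }
  },
  "actions": {
    "log-missing": {
      "transform": {
        "script": {
          "source": "def seen = ctx.payload.aggregations.seen.buckets.stream().map(b -> b.key).collect(Collectors.toList()); return ['missing': ctx.metadata.expected.stream().filter(n -> !seen.contains(n)).collect(Collectors.toList())]"
        }
      },
      "logging": {
        "level": "info",
        "text": "No healthy report in the last 5 minutes from: {{ctx.payload.missing}}"
      }
    }
  }
}
```

The list appears twice (in `metadata` and in the `terms` filter) and the two copies must be kept in sync; the condition fires when fewer distinct containers reported healthy than are expected.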

Do you care to explain what is not working? Also, the output of the execute watch API is missing. Thanks!
