Hi Team,
I read about watcher "script and template" documentation that suggests writing Groovy scripts and all to add index fields along with alert message body. But i didn't understand it much, obviously being a new bee.
can you share an example or document for below requirement:
- topbeat disk alert
- message body should contain value of "fs.used_p"
Below might put some more light:
Note: my actual input condition is below one, match_all query is just for testing to include match_all result in input payload
"filter": {
"range": {
"fs.used_p": {"gt": 0.40}
}
}
put _watcher/watch/fs_disk_top1
{
"trigger": {
"schedule": {
"interval": "300s"
}
},
"input": {
"search": {
"request": {
"indices": [
"topbeat-2016.08.03"
],
"body": {
"query" :{
"match_all": {}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"actions": {
"email_admin": {
"email": {
"to": "abc",
"subject": "{{ctx.watch_id}} executed",
"body": "Disc utilization is more than 50 {{ctx.metadata.*}}"
}
}
}
}
Result (copied only relevant lines):
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"topbeat-2016.08.03"
],
"types": [],
"template": {
"template": {
"query": {
"match_all": {}
}
},
"params": {
"ctx": {
"id": "fs_disk_top1_0-2016-08-03T17:47:00.118Z",
"vars": {},
"trigger": {
"triggered_time": "2016-08-03T17:47:00.118Z",
"scheduled_time": "2016-08-03T17:47:00.118Z"
},
"execution_time": "2016-08-03T17:47:00.118Z",
"watch_id": "fs_disk_top1",
"metadata": null
}
}
}
}
}
},
"condition": {
"type": "compare",
"status": "success",
"met": true,
"compare": {
"resolved_values": {
"ctx.payload.hits.total": 2293856
}
}
},
"actions": [
{
"id": "email_admin",
"type": "email",
"status": "success",
"email": {
"account": "exchange_account",
"message": {
"id": "fs_disk_top1_0-2016-08-03T17:47:00.118Z",
"from": "abc",
"sent_date": "2016-08-03T17:47:00.127Z",
"to": [
"abc"
],
"subject": "fs_disk_top1 executed",
"body": {
"text": "Disc utilization is more than 50 "
}
}
}
}
]
}
}
}
Thanks & Regards
