Watcher advice on searching and filtering

Hey all

I am still basic at Watcher and would love some advice.

The sample below that I am working on is a trigger to check system load, which works, but I want to add a part where it checks for a hostname, if that makes sense, so like in the last 5 mins for host XXXXX.

  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "metricbeat-*"
        ],
        "types": [],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": {
                "range": {
                  "@timestamp": {
                    "gte": "{{ctx.trigger.scheduled_time}}||-5m",
                    "lte": "{{ctx.trigger.scheduled_time}}",
                    "format": "strict_date_optional_time||epoch_millis"
                  }
                }
              }
            }
          },
          "aggs": {
            "bucketAgg": {
              "terms": {
                "field": "beat.hostname",
                "size": 5
              },
              "aggs": {
                "metricAgg": {
                  "avg": {
                    "field": "system.load.1"
                  }
                }
              }
            }
          }
        }
      }
    }
  },

Any advice is gratefully received.
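
One way to express the hostname restriction asked about above, as an added example that is not part of the original post: the `bool` filter becomes an array holding both the existing time range and a `term` clause on `beat.hostname`. It assumes `beat.hostname` is mapped as a `keyword` field (so `term` matches the exact value) and keeps `XXXXX` as the placeholder host name from the post.

```json
{
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": ["metricbeat-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "term": { "beat.hostname": "XXXXX" } },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "{{ctx.trigger.scheduled_time}}||-5m",
                      "lte": "{{ctx.trigger.scheduled_time}}",
                      "format": "strict_date_optional_time||epoch_millis"
                    }
                  }
                }
              ]
            }
          },
          "aggs": {
            "bucketAgg": {
              "terms": { "field": "beat.hostname", "size": 5 },
              "aggs": {
                "metricAgg": { "avg": { "field": "system.load.1" } }
              }
            }
          }
        }
      }
    }
  }
}
```

Every clause in a `filter` array must match, so only documents from that host within the five-minute window reach the aggregation, and `bucketAgg` then returns a single bucket whose `metricAgg` value is that host's average load.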
