Watcher aggregrations compare bucket keys

probson · February 11, 2020, 7:45pm

Hi,

I have a watcher with chained input. 2 searches, each searching for a different process that has been executed within the time period. I have an terms aggregation in each search for host.name

My aim is to trigger an alert of a host.name triggers both processes within the time period.

Am I going about this the right way or is there a better way?

If this is the correct way are there any good examples for the compare of the bucket keys to alert when theres a match for the same host.name in both?

Thanks

spinscale · February 12, 2020, 4:10pm

hey,

that sounds about right. You might want to check out the Alerting examples for some inspirations regarding scripting. You will need a script condition to properly check for this. My take would be to collect all the host names from each search response aggregation and then check if those differ.

--Alex

Topic		Replies	Views
How to compare two aggregation output in watcher in condition Elasticsearch elastic-stack-alerting	3	1837	March 15, 2019
How to compare two aggregations buckets in watcher Elasticsearch elastic-stack-alerting	3	1660	July 11, 2018
Condition compare - aggregations Kibana elastic-stack-alerting	5	3011	December 10, 2018
Watcher trigger on sub-bucket count Elasticsearch elastic-stack-alerting	3	1324	April 23, 2019
Watcher - Write painless script for looping aggregated buckets Elasticsearch elastic-stack-alerting , painless	3	1225	January 18, 2023

Watcher aggregrations compare bucket keys

Related topics