I have a watcher with chained input. 2 searches, each searching for a different process that has been executed within the time period. I have a terms aggregation in each search for host.name
My aim is to trigger an alert if a host.name triggers both processes within the time period.
Am I going about this the right way or is there a better way?
If this is the correct way, are there any good examples for the compare of the bucket keys to alert when there's a match for the same host.name in both?
That sounds about right. You might want to check out the Alerting examples for some inspirations regarding scripting. You will need a script condition to properly check for this. My take would be to collect all the host names from each search response aggregation and then check if those differ.
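Putting the reply's suggestion into a concrete watch, as an added example that is not from the original thread: a chained input with two searches named `first` and `second`, each carrying a `hosts` terms aggregation on `host.name`, a Painless script condition that is true only when some bucket key appears in both responses, and a script transform that recomputes the overlap so the action can name the hosts. The index pattern `logs-*`, the field `process.name`, the process names `proc_a.exe` and `proc_b.exe`, the 5 minute window and the logging action are placeholders to adjust; the body below is what goes into `PUT _watcher/watch/<watch_id>`.

```json
{
  "metadata": {
    "note": "Added example, not from the original thread; index, field, process names and window are placeholders"
  },
  "trigger": { "schedule": { "interval": "5m" } },
  "input": {
    "chain": {
      "inputs": [
        {
          "first": {
            "search": {
              "request": {
                "indices": [ "logs-*" ],
                "body": {
                  "size": 0,
                  "query": {
                    "bool": {
                      "filter": [
                        { "term": { "process.name": "proc_a.exe" } },
                        { "range": { "@timestamp": { "gte": "now-5m" } } }
                      ]
                    }
                  },
                  "aggs": {
                    "hosts": { "terms": { "field": "host.name", "size": 10000 } }
                  }
                }
              }
            }
          }
        },
        {
          "second": {
            "search": {
              "request": {
                "indices": [ "logs-*" ],
                "body": {
                  "size": 0,
                  "query": {
                    "bool": {
                      "filter": [
                        { "term": { "process.name": "proc_b.exe" } },
                        { "range": { "@timestamp": { "gte": "now-5m" } } }
                      ]
                    }
                  },
                  "aggs": {
                    "hosts": { "terms": { "field": "host.name", "size": 10000 } }
                  }
                }
              }
            }
          }
        }
      ]
    }
  },
  "condition": {
    "script": {
      "lang": "painless",
      "source": "Set seen = new HashSet(); for (def f : ctx.payload.first.aggregations.hosts.buckets) { seen.add(f.key); } for (def s : ctx.payload.second.aggregations.hosts.buckets) { if (seen.contains(s.key)) { return true; } } return false;"
    }
  },
  "transform": {
    "script": {
      "lang": "painless",
      "source": "Set seen = new HashSet(); for (def f : ctx.payload.first.aggregations.hosts.buckets) { seen.add(f.key); } List both = new ArrayList(); for (def s : ctx.payload.second.aggregations.hosts.buckets) { if (seen.contains(s.key)) { both.add(s.key); } } return [ 'matching_hosts': both ];"
    }
  },
  "actions": {
    "log_match": {
      "logging": {
        "text": "Hosts that ran both processes in the last 5m: {{ctx.payload.matching_hosts}}"
      }
    }
  }
}
```

Two points worth checking before relying on this: the terms aggregation `size` must be large enough to return every host seen in the window, because a host cut off from a truncated bucket list can never match; and a condition script cannot hand data to actions, which is why the transform repeats the intersection and replaces the payload with just the matching host names.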