Hi ,
Please help me on this how to set conditional alert in watcher ..the alert to be trigger once my threshold breaches more than 10 mins.
Thanks,
Velu G
Hi ,
Please help me on this how to set conditional alert in watcher ..the alert to be trigger once my threshold breaches more than 10 mins.
Thanks,
Velu G
Hi ,
Can someone help me on this
What have you tried so far? Whats the data looks like? Whats not working?
You post a question and ask for a solution with providing any information.
Hi Paul,
Please find the details below...Currently my watcher will trigger the alert whenever the threshold reaches(14) . Instead of this i want to set the conditional alert like the alert need to trigger when my threshold breaches more than or equal to 10 mins.
{
"trigger": {
"schedule": {
"hourly": {
"minute": [
0,
10,
20,
30,
40,
50
]
}
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"eastern-mjsqueue-*"
],
"types": ,
"body": {
"query": {
"bool": {
"must": [
{
"match_all": {}
},
{
"range": {
"@timestamp": {
"gte": "now-{{ctx.metadata.range_date_time}}"
}
}
},
{
"match_phrase": {
"fields.eastern_region": {
"query": "{{ctx.metadata.region}}"
}
}
},
{
"match_phrase": {
"jsondoc.mjsdestname.keyword": {
"query": "easternInboundQueue"
}
}
},
{
"range": {
"jsondoc.messagecurrentCount": {
"gt": "{{ctx.metadata.threshold}}"
}
}
}
]
}
},
"aggs": {
"region": {
"terms": {
"field": "fields.eastern_region.keyword",
"size": 5,
"order": {
"_term": "desc"
}
},
"aggs": {
"perc": {
"percentiles": {
"field": "jsondoc.messagecurrentCount",
"percents": [
90
],
"keyed": false
}
},
"currentcount": {
"max": {
"field": "jsondoc.messagecurrentCount"
}
}
}
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"metadata": {
"watcher_id": "mjsQ-0001",
"range_date_time": "10m",
"slack": true,
"threshold": 14,
"region": "east-on",
"watcher_name": "Alert for eastern mjs Inbound Queue Depth by Percentiles",
"email": true
}
}
Please suggest me how to proceed the conditional alert.
Thanks,
Velu G
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.