Watcher Assistance (ii)

PinkElephant · February 23, 2021, 11:08pm

Hey,

Trying to use some code I found in the docs, and am met with an error.

{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "search": {
      "request": {
        "indices": ".monitoring-*",
        "types": "cluster_state",
        "body": {
          "query": {
            "bool": {
              "filter": [
                {
                  "range": {
                    "timestamp": {
                      "gte": "now-48h"
                    }
                  }
                },
                {
                  "terms": {
                    "cluster_state.status": ["green", "yellow", "red"]
                  }
                }
              ]
            }
          },
          "_source": [
            "cluster_state.status"
          ],
          "sort": [
            {
              "timestamp": {
                "order": "desc"
              }
            }
          ],
          "size": 1,
          "aggs": {
            "minutes": {
              "date_histogram": {
                "field": "timestamp",
                "interval": "5s"
              },
              "aggs": {
                "status": {
                  "terms": {
                    "field": "cluster_state.status",
                    "size": 3
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "throttle_period": "30m", 
  "condition": {
    "script": {
      "inline": "if (ctx.payload.hits.total < 1) return false; def rows = ctx.payload.hits.hits; if (rows[0]._source.cluster_state.status != 'red') return false; if (ctx.payload.aggregations.minutes.buckets.size() < 12) return false; def last60Seconds = ctx.payload.aggregations.minutes.buckets[-12..-1]; return last60Seconds.every { it.status.buckets.every { s -> s.key == 'red' }}"
    }
  },
  "actions": {
    "send_email": { 
      "email": {
        "to": "redacted", 
        "subject": "Watcher Notification - Cluster has been RED for the last 60 seconds",
        "body": "Your cluster has been red for the last 60 seconds."
      }
    }
  }
}

Error:
[script_exception] compile error, with { script_stack={ 0="... ions.minutes.buckets[-12..-1]; return last60Second ..." & 1=" ^---- HERE" } & script="if (ctx.payload.hits.total < 1) return false; def rows = ctx.payload.hits.hits; if (rows[0]._source.cluster_state.status != 'red') return false; if (ctx.payload.aggregations.minutes.buckets.size() < 12) return false; def last60Seconds = ctx.payload.aggregations.minutes.buckets[-12..-1]; return last60Seconds.every { it.status.buckets.every { s -> s.key == 'red' }}" & lang="painless" & position={ offset=282 & start=257 & end=307 } }

How can I resolve this? Was viewing: Watching Marvel Data | Elasticsearch Watcher [2.4] | Elastic

We're not on this old a version, was simply the only example watch I could find that achieves what we're after.

PinkElephant · February 28, 2021, 9:25pm

Solved a different way. If anyone has insight into this problem, I'd be ears!

PinkElephant · March 5, 2021, 5:45am

No longer needed.

system · April 2, 2021, 5:45am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Watcher Timestamp showing in EPOCH Elasticsearch elastic-stack-alerting	4	901	October 1, 2021
Watcher issue (for real) Elasticsearch elastic-stack-alerting	7	881	July 6, 2017
Error WATCHER smtp.host Elasticsearch elastic-stack-alerting	3	368	June 17, 2021
Error watcher with multiple terms and a metric Elasticsearch elastic-stack-alerting , painless	11	819	September 24, 2021
Condition In Watcher Elasticsearch elastic-stack-alerting	6	1275	January 3, 2018

Watcher Assistance (ii)

Related Topics