Watcher case unit alert

Good afternoon. I'm trying to configure an alert for a single item: from the field "monitor.name.keyword" I want to match only one name that I define myself, using a term query filter. Below are the code and the error I get in the output.

source code:

{

"trigger": {

"schedule": {

  "interval": "1h"

}

},

"input": {

"search": {

  "request": {

    "search_type": "query_then_fetch",

    "indices": [

      "agenteallot*"

    ],

    "rest_total_hits_as_int": true,

    "body": {

      "size": 0,

      "query": {

        "bool": {

          "filter": {

            "range": {

              "@timestamp": {

                "gte": "{{ctx.trigger.scheduled_time}}||-5m",

                "lte": "{{ctx.trigger.scheduled_time}}",

                "format": "strict_date_optional_time||epoch_millis"

              }

            }

          }

        }

      },

      "aggs": {

        "bucketAgg": {

          "terms": {

            "field": "monitor.name.keyword",

            "query": {

                "bool":{

                    "filter":{

                        "term":{

                            "monitor.name.keyword": "13-1-CAV30CI971650-CALLE_58-PPAL-20M-99.8"

                        }}

                }

            }

          },

          "aggs": {

            "metricAgg": {

              "max": {

                "field": "summary.up"

              }

            }

          }

        }

      }

    }

  }

}

},

"condition": {

"script": {

  "source": "ArrayList arr = ctx.payload.aggregations.bucketAgg.buckets; for (int i = 0; i < arr.length; i++) { if (arr[i]['metricAgg'].value >= params.threshold) { return true; } } return false;",

  "lang": "painless",

  "params": {

    "threshold": 0.8

  }

}

},

"actions": {

"email_1": {

  "email": {

    "profile": "standard",

    "attach_data": {

      "format": "yaml"

    },

    "to": [

      "juan.jaramillo@megadvantage.com",

      "victor.vera@megadvantage.com"

    ],

    "subject": "{{ctx.metadata.name}} {{ctx.payload.results}}",

    "body": {

      "text": """Buen dia, Adjunto registro del reporte.

:warning:ALERTA NODO!!! El siguiente enlace perdió la conexión.

Estado: Down🔴

Nombre del Enlace: {{ctx.payload.results}}

:clock1230:Hora: {{ctx.execution_time}}

Área: Networking

:bell:Mensaje Alerta: El enlace ha dejado de responder. Responder correo a telecomunicaciones@udistrital.edu.co

Ingrese aquí para más información: https://72dfe17217744236af40cc31b704a664.us-central1.gcp.cloud.es.io:9243/s/distrital/app/uptime#"""

    }

  }

}

},

"transform": {

"script": {

  "source": "HashMap result = new HashMap(); ArrayList arr = ctx.payload.aggregations.bucketAgg.buckets; ArrayList filteredHits = new ArrayList(); for (int i = 0; i < arr.length; i++) { HashMap filteredHit = new HashMap(); filteredHit.key = arr[i].key; filteredHit.value = arr[i]['metricAgg'].value; if (filteredHit.value >= params.threshold) { filteredHits.add(filteredHit); } } result.results = filteredHits; return result;",

  "lang": "painless",

  "params": {

    "threshold": 0.8

  }

}

}

}

Output Code:

{ "watch_id":
"inlined",
"node":
"ELuSGxpSRICZb2ZHJp4paA",
"state":
"failed",
"user":
"elastic",
"status":
{ "state":
{ "active":
true,
"timestamp":
"2020-10-05T19:37:36.293Z"
}, "actions":
{ "email_1":
{ "ack":
{ "timestamp":
"2020-10-05T19:37:36.293Z",
"state":
"awaits_successful_execution"
} } }, "execution_state":
"failed",
"version":
-1
}, "trigger_event":
{ "type":
"manual",
"triggered_time":
"2020-10-05T19:37:36.293Z",
"manual":
{ "schedule":
{ "scheduled_time":
"2020-10-05T19:37:36.293Z"
} } }, "input":
{ "search":
{ "request":
{ "search_type":
"query_then_fetch",
"indices":
[ "agenteallot*"
], "rest_total_hits_as_int":
true,
"body":
{ "size":
0,
"query":
{ "bool":
{ "filter":
{ "range":
{ "@timestamp":
{ "gte":
"{{ctx.trigger.scheduled_time}}||-5m",
"lte":
"{{ctx.trigger.scheduled_time}}",
"format":
"strict_date_optional_time||epoch_millis"
} } } } }, "aggs":
{ "bucketAgg":
{ "terms":
{ "field":
"monitor.name.keyword",
"query":
{ "bool":
{ "filter":
{ "term":
{ "monitor.name.keyword":
"13-1-CAV30CI971650-CALLE_58-PPAL-20M-99.8"
} } } } }, "aggs":
{ "metricAgg":
{ "max":
{ "field":
"summary.up"
} } } } } } } } }, "condition":
{ "script":
{ "source":
"ArrayList arr = ctx.payload.aggregations.bucketAgg.buckets;
for (int i = 0; i < arr.length; i++) { if (arr[i]['metricAgg'].value >= params.threshold) { return true; } } return false;",
"lang":
"painless",
"params":
{ "threshold":
0.8
} } }, "metadata":
{ "name":
"Alerta caída enlace único2.0",
"xpack":
{ "type":
"json"
} }, "result":
{ "execution_time":
"2020-10-05T19:37:36.293Z",
"execution_duration":
1,
"input":
{ "type":
"search",
"status":
"failure",
"error":
{ "root_cause":
[ { "type":
"x_content_parse_exception",
"reason":
"[1:255] [terms] unknown field [query]"
} ], "type":
"x_content_parse_exception",
"reason":
"[1:255] [terms] unknown field [query]"
}, "search":
{ "request":
{ "search_type":
"query_then_fetch",
"indices":
[ "agenteallot*"
], "rest_total_hits_as_int":
true,
"body":
{ "size":
0,
"query":
{ "bool":
{ "filter":
{ "range":
{ "@timestamp":
{ "gte":
"2020-10-05T19:37:36.293728Z||-5m",
"lte":
"2020-10-05T19:37:36.293728Z",
"format":
"strict_date_optional_time||epoch_millis"
} } } } }, "aggs":
{ "bucketAgg":
{ "terms":
{ "field":
"monitor.name.keyword",
"query":
{ "bool":
{ "filter":
{ "term":
{ "monitor.name.keyword":
"13-1-CAV30CI971650-CALLE_58-PPAL-20M-99.8"
} } } } }, "aggs":
{ "metricAgg":
{ "max":
{ "field":
"summary.up"
} } } } } } } } }, "actions":
}, "messages":
[ "failed to execute watch input"
] }

THANKS!!
