Watcher Email output

Elastic Stack Elasticsearch
1 
{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "metricbeat-*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                {
                  "bool": {
                    "must": [
                      {
                        "term": {
                          "metricset.name": "uptime"
                        }
                      },
                      {
                        "range": {
                          "@timestamp": {
                            "gte": "now-15m"
                          }
                        }
                      },
                      {
                        "term": {
                          "tags": "192.168.1.34"
                        }
                      }
                    ]
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "return ctx.payload.hits.total < 1",
      "lang": "painless"
    }
  },
  "actions": {
    "my-logging-action": {
      "logging": {
        "level": "info",
        "text": """Alert: {{ctx.payload.result.tags}} Node Down
         Server: {{ctx.payload.result.tags}}
timestamp: {{ctx.payload.result.action_time}}
Severity: High"""
      }
    },
    "email_action": {
      "email": {
        "account": "gmail",
        "profile": "standard",
        "from": "maskerti90@gmail.com",
        "to": [
          "maskerti90@gmail.com"
        ],
        "subject": "{{ctx.payload.result.tags}} Node Down",
        "body": {
          "text": """Alert: {{ctx.payload.result.tags}} Node Down
         Server: {{ctx.payload.result.tags}}
timestamp: {{ctx.payload.result.action_time}}
Severity: High"""
        }
      }
    }
  }
}

Output i am getting on elasticsearch.log

[2022-11-13T15:07:54,781][INFO ][o.e.x.w.a.l.ExecutableLoggingAction] [node-1] Alert:  Node Down
         Server:
timestamp:
Severity: High
[2022-11-13T15:08:54,959][INFO ][o.e.x.w.a.l.ExecutableLoggingAction] [node-1] Alert:  Node Down
         Server:
timestamp:
Severity: High

and on mail i am getting this output

Alert:  Node Down
         Server:
timestamp:
Severity: High

Basically my purpose is to get alert for when node goes , for this i am using metricbeat. I stopped one server to test this . In this query i am not getting node ip is there any way i can get node ip.

2

Hi Community ,

Can you please help me out of this
I run POST _watcher/watch/7f98fb2f-f45c-4054-81f0-df81cea4e87d/_execute

Result

{
  "_id" : "7f98fb2f-f45c-4054-81f0-df81cea4e87d_746e9a96-213b-4180-a1c5-2681c4cf6725-2022-11-15T07:23:00.696135646Z",
  "watch_record" : {
    "watch_id" : "7f98fb2f-f45c-4054-81f0-df81cea4e87d",
    "node" : "7xeDJeBOQuKSQV0H6b-OlQ",
    "state" : "executed",
    "user" : "lc5684231",
    "status" : {
      "state" : {
        "active" : false,
        "timestamp" : "2022-11-15T07:22:55.291Z"
      },
      "last_checked" : "2022-11-15T07:23:00.696Z",
      "last_met_condition" : "2022-11-15T07:23:00.696Z",
      "actions" : {
        "my-logging-action" : {
          "ack" : {
            "timestamp" : "2022-11-15T07:23:00.696Z",
            "state" : "ackable"
          },
          "last_execution" : {
            "timestamp" : "2022-11-15T07:23:00.696Z",
            "successful" : true
          },
          "last_successful_execution" : {
            "timestamp" : "2022-11-15T07:23:00.696Z",
            "successful" : true
          }
        }
      },
      "execution_state" : "executed",
      "version" : 142
    },
    "trigger_event" : {
      "type" : "manual",
      "triggered_time" : "2022-11-15T07:23:00.696Z",
      "manual" : {
        "schedule" : {
          "scheduled_time" : "2022-11-15T07:23:00.696Z"
        }
      }
    },
    "input" : {
      "search" : {
        "request" : {
          "search_type" : "query_then_fetch",
          "indices" : [
            "metricbeat-*"
          ],
          "rest_total_hits_as_int" : true,
          "body" : {
            "size" : 0,
            "query" : {
              "bool" : {
                "filter" : [
                  {
                    "bool" : {
                      "must" : [
                        {
                          "term" : {
                            "metricset.name" : "uptime"
                          }
                        },
                        {
                          "range" : {
                            "timestamp" : {
                              "from" : "now",
                              "to" : "now-5m"
                            }
                          }
                        },
                        {
                          "term" : {
                            "tags" : "192.168.1.33"
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          }
        }
      }
    },
    "condition" : {
      "compare" : {
        "ctx.payload.hits.total" : {
          "lte" : 0
        }
      }
    },
    "metadata" : {
      "name" : "Node Down-2",
      "xpack" : {
        "type" : "json"
      }
    },
    "result" : {
      "execution_time" : "2022-11-15T07:23:00.696Z",
      "execution_duration" : 3,
      "input" : {
        "type" : "search",
        "status" : "success",
        "payload" : {
          "_shards" : {
            "total" : 1,
            "failed" : 0,
            "successful" : 1,
            "skipped" : 0
          },
          "hits" : {
            "hits" : [ ],
            "total" : 0,
            "max_score" : null
          },
          "took" : 0,
          "timed_out" : false
        },
        "search" : {
          "request" : {
            "search_type" : "query_then_fetch",
            "indices" : [
              "metricbeat-*"
            ],
            "rest_total_hits_as_int" : true,
            "body" : {
              "size" : 0,
              "query" : {
                "bool" : {
                  "filter" : [
                    {
                      "bool" : {
                        "must" : [
                          {
                            "term" : {
                              "metricset.name" : "uptime"
                            }
                          },
                          {
                            "range" : {
                              "timestamp" : {
                                "from" : "now",
                                "to" : "now-5m"
                              }
                            }
                          },
                          {
                            "term" : {
                              "tags" : "192.168.1.33"
                            }
                          }
                        ]
                      }
                    }
                  ]
                }
              }
            }
          }
        }
      },
      "condition" : {
        "type" : "compare",
        "status" : "success",
        "met" : true,
        "compare" : {
          "resolved_values" : {
            "ctx.payload.hits.total" : 0
          }
        }
      },
      "actions" : [
        {
          "id" : "my-logging-action",
          "type" : "logging",
          "status" : "success",
          "logging" : {
            "logged_text" : """Alert:  Node Down
         Server: 
timestamp: 
Severity: High"""
          }
        }
      ]
    },
    "messages" : [ ]
  }
}

Metricbeat service is running but my condition is matching .

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.