Watcher Queries

alerting

(piyush) #1

Hi,
Please suggest where I can find sample queries on beats (topbeat, packetbeat, filebeat (message)). I am looking for CPU, disk, 4xx etc. alerts.

Regards...


(piyush) #2

I tried this, but it is giving me used_p = 0 records as well:

get topbeat-2016.03.15/filesystem/_search
{
  "query": {
    "bool": {
      "must": { "match_all": {} },
      "filter": {
        "range": {
          "fs.used_p": { "gte": 0.56 }
        }
      }
    }
  }
}


(piyush) #3

Hi Team,
I understand the query logic I was working on will not work as it is with Watcher. Here is how I configured a test alert, but I haven't received any email yet. (I tested with a sample; email is working.)

*I found a lot of records where fs.used_p=0, hence put that condition for trial.

put _watcher/watch/fs_disk_watch_top
{
  "actions" : {
    "email_admin" : {
      "email" : {
        "body" : "{{ctx.watch_id}} executed with {{ctx.payload.hits.total}} hits",
        "subject" : "{{ctx.watch_id}} executed",
        "to" : "abc@xyz.com"
      }
    }
  },
  "condition" : {
    "compare" : {
      "ctx.payload.hits.total" : {
        "gt" : 0
      }
    }
  },
  "input" : {
    "search" : {
      "request" : {
        "body" : {
          "query" : {
            "match" : {
              "fs.used_p" : "0"
            }
          }
        },
        "indices" : [ "topbeat-2016.03.16" ]
      }
    }
  },
  "trigger" : {
    "schedule" : {
      "interval" : "60s"
    }
  }
}

Regards...


(Alexander Reelsen) #4

Hey,

If a search does not return any result, then a watch is also never going to be triggered.

Also, please take some time and format the JSON you got using markdown, so it is easier to follow your steps. In addition, don't forget to check your log files. And try to execute the watch manually by executing the Execute Watch API, allowing you to see the single steps of an execution and find out what is wrong.

--Alex
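As an added illustration of the point above (not code from this thread or from Elastic), the script below builds a disk-usage watch whose search uses a range filter on fs.used_p instead of a match on "0", then replays that filter and the compare condition locally over a few constructed topbeat documents, roughly what the Execute Watch API would show in ctx.payload. The watch body layout, the threshold, the index pattern and the recipient are assumptions.

```python
def build_disk_watch(threshold, indices, recipient, interval="60s"):
    """Watch body (Watcher request format as used in this thread, assumed) that
    alerts when any topbeat filesystem document reports used_p >= threshold."""
    return {
        "trigger": {"schedule": {"interval": interval}},
        "input": {"search": {"request": {
            "indices": indices,
            "body": {"query": {"bool": {"filter": [
                {"range": {"fs.used_p": {"gte": threshold}}}]}}}}}},
        # Fires only when the search actually returned hits.
        "condition": {"compare": {"ctx.payload.hits.total": {"gt": 0}}},
        "actions": {"email_admin": {"email": {
            "to": recipient,
            "subject": "{{ctx.watch_id}} executed",
            "body": "{{ctx.watch_id}} executed with {{ctx.payload.hits.total}} hits"}}},
    }

# Constructed sample topbeat 'filesystem' documents (not real data).
SAMPLE_DOCS = [
    {"beat": {"hostname": "web-1"}, "fs": {"mount_point": "/", "used_p": 0.0}},
    {"beat": {"hostname": "web-2"}, "fs": {"mount_point": "/", "used_p": 0.41}},
    {"beat": {"hostname": "db-1"}, "fs": {"mount_point": "/var", "used_p": 0.93}},
]

def _get(doc, dotted):
    # Resolve a dotted field name such as "fs.used_p" inside a nested document.
    for part in dotted.split("."):
        doc = doc[part]
    return doc

def simulate_search(watch, docs):
    """Apply the watch's single range filter locally and return hits.total."""
    rng = watch["input"]["search"]["request"]["body"]["query"]["bool"]["filter"][0]["range"]
    (field, bounds), = rng.items()
    return sum(1 for d in docs if _get(d, field) >= bounds["gte"])

def condition_met(watch, hits_total):
    """Evaluate the compare condition the way Watcher would on ctx.payload."""
    cmp = watch["condition"]["compare"]["ctx.payload.hits.total"]
    return hits_total > cmp["gt"]

if __name__ == "__main__":
    w = build_disk_watch(0.8, ["topbeat-*"], "ops@example.com")
    hits = simulate_search(w, SAMPLE_DOCS)
    print("hits.total =", hits, "-> email sent:", condition_met(w, hits))
```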


(system) #5