Hi All.
I've created runtime mapping (field), transaction.duration.sec, which contains converted (in seconds) value of the "original" transaction duration (expressed in microseconds), with the following watcher configuration:
{
"trigger": {
"schedule": {
"interval": "10m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"apm-7.16.2-*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"bool": {
"filter": [
{
"bool": {
"filter": [
{
"bool": {
"should": [
{
"range": {
"transaction.duration.us": {
"gte": "999999"
}
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"match_phrase": {
"cloud.project.name": "medical-portal-prod-nl"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"match_phrase": {
"service.name": "medical-portal-backend"
}
}
],
"minimum_should_match": 1
}
}
]
}
},
{
"range": {
"@timestamp": {
"gte": "now-{{ctx.metadata.timeRangeValue}}{{ctx.metadata.timeRangeUnit}}"
}
}
}
]
}
},
"runtime_mappings": {
"transaction.duration.seconds": {
"type": "double",
"script": {
"source": "emit(doc['transaction.duration.us'].value / 1000000)"
}
}
},
"aggs": {
"error_groups": {
"terms": {
"min_doc_count": "{{ctx.metadata.threshold}}",
"field": "transaction.name",
"size": 10,
"order": {
"_count": "desc"
}
},
"aggs": {
"sample": {
"top_hits": {
"_source": [
"transaction.name",
"service.name",
"transaction.duration.us",
"transaction.duration.seconds",
"transaction.id",
"event.outcome",
"url.path",
"@timestamp"
],
"sort": [
{
"@timestamp": "desc"
}
],
"size": 1
}
}
}
}
}
}
}
}
},
"condition": {
"script": {
"source": "return ctx.payload.aggregations.error_groups.buckets.length > 0",
"lang": "painless"
}
},
"actions": {
"log_error": {
"logging": {
"level": "info",
"text": """Your service "{{ctx.metadata.serviceName}}" has transaction(s) exceeding the transaction duration threshold of {{ctx.metadata.threshold}} second within "{{ctx.metadata.timeRangeValue}}{{ctx.metadata.timeRangeUnit}}" <br/><br/>{{#ctx.payload.aggregations.error_groups.buckets}}<br/> {{sample.hits.hits.0._source.transaction.name}}{{^sample.hits.hits.0._source.transaction.name}}{{sample.hits.hits.0._source.transaction.duration.us}}{{sample.hits.hits.0._source.event.outcome}} {{sample.hits.hits.0._source.url.path}} {{/sample.hits.hits.0._source.transaction.name}} <br/>{{/ctx.payload.aggregations.error_groups.buckets}}"""
}
},
"slack_webhook": {
"webhook": {
"scheme": "https",
"host": "hooks.slack.com",
"port": 443,
"method": "post",
"path": "{{ctx.metadata.slackUrlPath}}",
"params": {},
"headers": {
"Content-Type": "application/json"
},
"body": """__json__::{"text":"Your service \"{{ctx.metadata.serviceName}}\" has transaction(s) exceeding the transaction duration threshold of {{ctx.metadata.threshold}} second within \"{{ctx.metadata.timeRangeValue}}{{ctx.metadata.timeRangeUnit}}\"\n{{#ctx.payload.aggregations.error_groups.buckets}}\n> *Transaction ID* : {{sample.hits.hits.0._source.transaction.id}} \n> *Transaction Name* : {{sample.hits.hits.0._source.transaction.name}}{{^sample.hits.hits.0._source.transaction.name}} {{/sample.hits.hits.0._source.transaction.name}} \n> *Duration(microsec)* : {{sample.hits.hits.0._source.transaction.duration.us}} \n> *Duration(sec)* : {{ctx.payload.transaction.duration.sec}} \n> *Request_Result* : {{sample.hits.hits.0._source.event.outcome}} \n> *Host URL* : {{sample.hits.hits.0._source.url.path}}\n{{/ctx.payload.aggregations.error_groups.buckets}}"}"""
}
}
},
"metadata": {
"emails": [],
"environment": "NL-PROD",
"timeRangeValue": 3,
"throttle_period_in_millis": 300000,
"slackUrlPath": "/services/TCB4V5EAH/B04GR1XJX46/mSYKtHNpNGyQdAWIQ38c02IE",
"threshold": 1,
"trigger": "This value must be changed in trigger section",
"serviceName": "medical-portal-backend",
"timeRangeUnit": "h"
},
"throttle_period_in_millis": 300000
}
However, I do not know how to retrieve the value of the runtime field, transaction.duration.sec, in order to have it sent to Slack via the related message body.
Thanks in advance,
Darko