2015-04-14 17:04:48 -04:00
|
|
|
---
|
Move acking/throttling to the action level
Until now, acking and throttling functionality was applied at the watch level. This has major drawbacks in different aspects:
- When multiple actions are defined on a watch, acking a watch effectively acks all the actions. This is conceptually wrong. Say you have two actions: `email` and `index`. It's very likely you'd like to ack the email action (to avoid receiving too many emails) but at the same time continue indexing the data in the `index` action. Right now it's not possible.
- Different actions types may require different throttling. An `email` action probably needs a longer throttle period compared to an `index` action. Also for different `webhook` actions, the throttling is ultimately determined by the 3rd party system that is called.
This commit changes how we do throttling & acking. Moving this functionality to the action level. Now, when acking, each action in the watch will be acked separately. During executiong, each action will determine whether it needs to be throttled or not. The throttler is not associated with the action, not with the watch.
The throttle period was enhanced. There is a default throttle period that is configured for watcher as a whole (using the `watcher.execution.default_throttle_period` setting. Next to that, each `watch` can define its own `throttle_period` that can serve as the default throttle period for the actions in the watch. Lastly, each action can have its own throttle period set.
Since the throttler is now an action "thing", the `throttle` package was renamed to `throttler` and moved under the `actions` package. Also, `WatchThrottler` was renamed to `ActionThrottler`.
With this change, the `Watch Execute API` changed as well. Now, when executing a watch, you can define an execution mode per action. The execution mode offers 4 types of execution:
- `execute`: executes the watch normally (actually executing the action and it may be throttled)
- `force_execute`: skips/ignores throttling and executes the watch
- `simulate`: simulates the watch execution yet it may be throttled
- `force_simulate`: skips/ignores throttling and simulates the watch execution
As part of this change, the structure of the watch status changed along with the xconent representing the `watch_record`. A new `ActionStatus` was introduced (as part of the `WatchStatus`) and is always set for every action in the watch. This status holds:
- the current state of the action (`ackable`, `awaits_successful_execution`, `acked`)
- the last execution state (success/failure + reason)
- the last successful execution state
- the last throttle state (timestamp + reason)
Original commit: elastic/x-pack-elasticsearch@32c2985ed8739cb19d436d16092356463f5d1e51
2015-04-27 17:13:50 -04:00
|
|
|
"Test execute watch api with minimal body":
|
2015-04-14 17:04:48 -04:00
|
|
|
- do:
|
|
|
|
|
cluster.health:
|
|
|
|
|
wait_for_status: green
|
|
|
|
|
|
|
|
|
|
- do:
|
2015-04-28 19:08:28 -04:00
|
|
|
watcher.put_watch:
|
2015-04-14 17:04:48 -04:00
|
|
|
id: "my_logging_watch"
|
|
|
|
|
body: >
|
|
|
|
|
{
|
2015-05-05 12:37:44 -04:00
|
|
|
"trigger" : {
|
|
|
|
|
"schedule" : { "cron" : "0 0 0 1 * ? 2099" }
|
2015-04-14 17:04:48 -04:00
|
|
|
},
|
|
|
|
|
"input" : {
|
2015-05-03 09:03:28 -04:00
|
|
|
"simple" : {
|
|
|
|
|
"count" : 1
|
2015-04-14 17:04:48 -04:00
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
"condition" : {
|
2015-05-03 09:03:28 -04:00
|
|
|
"script" : "ctx.payload.count == 1"
|
2015-04-14 17:04:48 -04:00
|
|
|
},
|
|
|
|
|
"actions" : {
|
Changed `watch_record` xcontent structure
- Renamed `watch_execution` to `execution_result`
- Renamed `actions_results` to `actions`
- Renamed `input_result` to `input`
- Renamed `condition_result` to `condition`
- Updated the `watch_history.json` template to reflect the changes, also added concrete mappings for action types (such that field that should not be analized will be mapped as `not_analyzed`
- Fixed a bug in `WatchUtils.createSearchRequestFromPrototype` where the document types were ignored.
Also, changed the `actions` (fka `actions_results`) from an object to an array. the action id is not part of the action objects (indicated by the `id` field). For example:
```
{
"actions" : [
{
"id" : "my_email",
"email" : {
...
}
}
]
}
```
The reason for this change is to make the path to the action fields predictable deterministic. With the object structure, where the actions were keyed by their `id`, the path to the action fields depended on the action id, which is unpredictable and continuously changing from one action to another. This made it impossible to properly analyze the action data using aggregations (as aggs require full path into the aggregated fields).
With this change, the mappings of `watch_record` changed as well where the `actions` are not defined as nested type, yet it is still configured to include all the fields in the root object. We do this so in the future, when appropriate support will be added to kibana, it'll be able to apply nested aggregations on the actions, enabling correct/safe multi-dimensional aggregations. In the mean time however, while kibana doesn't support nested aggregations, we still need to have all the fields indexed on the root, so at least a single dimensional aggregations can be safely applied.
Also, change the `input` and `condition` objects in the `watch_record` such that their mappings are disabled. The main reason for this is the fact that a lot of the inputs use elements that can be configured in many ways, but the mappings are too strict to accept it. For example, a template can be configured as a `string` or as an `object`.
Original commit: elastic/x-pack-elasticsearch@83464a0c719dd805b618f50faeac0edbd3d1bfe4
2015-05-08 16:35:48 -04:00
|
|
|
"logging" : {
|
2015-04-14 17:04:48 -04:00
|
|
|
"logging" : {
|
|
|
|
|
"text" : "foobar"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
- match: { _id: "my_logging_watch" }
|
|
|
|
|
|
|
|
|
|
- do:
|
2015-04-28 19:08:28 -04:00
|
|
|
watcher.execute_watch:
|
2015-04-14 17:04:48 -04:00
|
|
|
id: "my_logging_watch"
|
|
|
|
|
|
2015-05-27 15:07:58 -04:00
|
|
|
- match: { "watch_record.watch_id": "my_logging_watch" }
|
|
|
|
|
- match: { "watch_record.state": "executed" }
|
2015-06-12 22:22:31 -04:00
|
|
|
- match: { "watch_record.result.input.type": "simple" }
|
|
|
|
|
- match: { "watch_record.result.input.status": "success" }
|
|
|
|
|
- match: { "watch_record.result.input.payload.count": 1 }
|
|
|
|
|
- match: { "watch_record.result.condition.type": "script" }
|
|
|
|
|
- match: { "watch_record.result.condition.status": "success" }
|
De-normalize watch record format
Now that the watch record is write once and never read/parsed. We can de-normalize its format (the structure of the `watch_record` document) such it'd be optimal for searching and aggregating.
- `execution_result` renamed to `result` (for minimal verbosity)
- the structure of `trigger_event` changed to:
```
{
"trigger_event" : {
"type" : "<trigger_type>",
"triggered_time" : "<datetime>",
"<trigger_type>" : { // type specific data (optional) }
}
}
```
- the structure of `input` results changed to:
```
{
"result" : {
"input" : {
"type" : "<input_type>",
"payload" : { // the payload },
"<input_type>" : { // custom result fields per type (optional) }
},
...
}
}
```
- the structure of `condition` results changed to:
```
{
"result" : {
...
"condition" : {
"type" : "<condition_type>",
"met" : true | false,
"<condition_type>" : { // custom result fields per type (optional) }
},
...
}
}
```
- the structure of `transform` results changed to:
```
{
"result" : {
...
"transform" : {
"type" : "<transform_type>",
"payload" : { // the transformed payload }
"<transform_type>" : { // custom result fields per type (optional) }
},
...
}
}
```
- the structure of `actions` results changed to:
```
{
"result" : {
...
"actions" : [
{
"id" : "<action_id>"
"type" : "<action_type>",
"status" : "success" | "failure" | "simulated" | "throttled",
"reason" : "holds the reasoning if status is either success or throttled",
"transform" : { // action level transform result (if applicable)}
"<action_type>" : { // custom result fields per type (optional) }
},
...
]
}
}
```
Original commit: elastic/x-pack-elasticsearch@98466d4b838bb6f0681c95418ea159f2df67186b
2015-06-01 16:41:53 -04:00
|
|
|
- match: { "watch_record.result.condition.met": true }
|
|
|
|
|
- match: { "watch_record.result.actions.0.id" : "logging" }
|
|
|
|
|
- match: { "watch_record.result.actions.0.type" : "logging" }
|
|
|
|
|
- match: { "watch_record.result.actions.0.status" : "success" }
|
|
|
|
|
- match: { "watch_record.result.actions.0.logging.logged_text" : "foobar" }
|
