[DOCS] Updates Watcher examples for code testing (#31152)

This commit is contained in:
Lisa Cawley 2018-06-22 18:09:37 -07:00 committed by Colin Goodheart-Smithe
parent 44e1c8e9a9
commit 54d1b9eb6f
No known key found for this signature in database
GPG Key ID: F975E7BDD739B3C7
33 changed files with 110 additions and 41 deletions

View File

@ -14,38 +14,6 @@ buildRestTests.expectedUnconvertedCandidates = [
'en/security/authorization/run-as-privilege.asciidoc',
'en/security/ccs-clients-integrations/http.asciidoc',
'en/security/authorization/custom-roles-provider.asciidoc',
'en/watcher/actions/email.asciidoc',
'en/watcher/actions/hipchat.asciidoc',
'en/watcher/actions/index.asciidoc',
'en/watcher/actions/logging.asciidoc',
'en/watcher/actions/pagerduty.asciidoc',
'en/watcher/actions/slack.asciidoc',
'en/watcher/actions/jira.asciidoc',
'en/watcher/actions/webhook.asciidoc',
'en/watcher/condition/always.asciidoc',
'en/watcher/condition/array-compare.asciidoc',
'en/watcher/condition/compare.asciidoc',
'en/watcher/condition/never.asciidoc',
'en/watcher/condition/script.asciidoc',
'en/watcher/customizing-watches.asciidoc',
'en/watcher/example-watches/example-watch-meetupdata.asciidoc',
'en/watcher/how-watcher-works.asciidoc',
'en/watcher/input/chain.asciidoc',
'en/watcher/input/http.asciidoc',
'en/watcher/input/search.asciidoc',
'en/watcher/input/simple.asciidoc',
'en/watcher/transform.asciidoc',
'en/watcher/transform/chain.asciidoc',
'en/watcher/transform/script.asciidoc',
'en/watcher/transform/search.asciidoc',
'en/watcher/trigger/schedule/cron.asciidoc',
'en/watcher/trigger/schedule/daily.asciidoc',
'en/watcher/trigger/schedule/hourly.asciidoc',
'en/watcher/trigger/schedule/interval.asciidoc',
'en/watcher/trigger/schedule/monthly.asciidoc',
'en/watcher/trigger/schedule/weekly.asciidoc',
'en/watcher/trigger/schedule/yearly.asciidoc',
'en/watcher/troubleshooting.asciidoc',
'en/rest-api/ml/delete-snapshot.asciidoc',
'en/rest-api/ml/get-bucket.asciidoc',
'en/rest-api/ml/get-job-stats.asciidoc',

View File

@ -35,6 +35,7 @@ the watch payload in the email body:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The id of the action.
<2> The action type is set to `email`.
<3> One or more addresses to send the email to. Must be specified in the
@ -92,6 +93,7 @@ killed by firewalls or load balancers inbetween.
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The ID of the attachment, which is used as the file name in the email
attachment.
<2> The type of the attachment and its specific configuration.
@ -158,9 +160,8 @@ include::{kib-repo-dir}/reporting/watch-example.asciidoc[]
include::{kib-repo-dir}/reporting/report-intervals.asciidoc[]
//TODO: RE-ADD LINK:
//For more information, see
//{kibana-ref}/automating-report-generation.html[Automating Report Generation].
For more information, see
{kibana-ref}/automating-report-generation.html[Automating Report Generation].
[[email-action-attributes]]
==== Email Action Attributes

View File

@ -37,6 +37,7 @@ attribute is the message itself:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The name of a HipChat account configured in `elasticsearch.yml`.
<2> The message you want to send to HipChat.
@ -66,6 +67,7 @@ For example, the following action is configured to send messages to the
}
}
--------------------------------------------------
// NOTCONSOLE
To send messages with a HipChat account that uses the <<hipchat-api-v1, v1>>
profile, you need to specify what room or rooms you want to send the message to.
@ -92,7 +94,7 @@ For example, the following action is configured to send messages to the
}
}
--------------------------------------------------
// NOTCONSOLE
[[hipchat-action-attributes]]
==== HipChat Action Attributes

View File

@ -22,6 +22,7 @@ The following snippet shows a simple `index` action definition:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The id of the action
<2> An optional <<condition, condition>> to restrict action execution
<3> An optional <<transform, transform>> to transform the payload and prepare the data that should be indexed

View File

@ -40,6 +40,7 @@ The following snippet shows a simple jira action definition:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The name of a Jira account configured in `elasticsearch.yml`.
<2> The key of the Jira project in which the issue will be created.
<3> The name of the issue type.

View File

@ -25,6 +25,7 @@ The following snippet shows a simple logging action definition:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The id of the action.
<2> An optional <<transform, transform>> to transform the payload before
executing the `logging` action.

View File

@ -25,6 +25,7 @@ The following snippet shows a simple PagerDuty action definition:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> Description of the message
@ -59,6 +60,7 @@ payload as well as an array of contexts to the action.
}
}
--------------------------------------------------
// NOTCONSOLE
[[pagerduty-action-attributes]]

View File

@ -29,6 +29,7 @@ The following snippet shows a simple slack action definition:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The channels and users you want to send the message to.
<2> The content of the message.
@ -66,6 +67,7 @@ The following snippet shows a standard message attachment:
}
}
--------------------------------------------------
// NOTCONSOLE
[[slack-dynamic-attachment]]
@ -131,6 +133,7 @@ aggregation and the Slack action:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The list generated by the action's transform.
<2> The parameter placeholders refer to attributes in each item of the list
generated by the transform.

View File

@ -30,6 +30,7 @@ The following snippet shows a simple webhook action definition:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The id of the action
<2> An optional <<transform, transform>> to transform the payload before
executing the `webhook` action
@ -65,6 +66,7 @@ For example, the following `webhook` action creates a new issue in GitHub:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The username and password for the user creating the issue
NOTE: By default, both the username and the password are stored in the `.watches`
@ -101,6 +103,7 @@ the values serve as the parameter values:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The parameter values can contain templated strings.
@ -128,6 +131,7 @@ the values serve as the header values:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The header values can contain templated strings.

View File

@ -22,3 +22,4 @@ object:
"always" : {}
}
--------------------------------------------------
// NOTCONSOLE

View File

@ -34,6 +34,7 @@ than or equal to 25:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The path to the array in the execution
context that you want to evaluate, specified in dot notation.
<2> The path to the field in each array element that you want to evaluate.

View File

@ -49,6 +49,7 @@ search result>> is greater than or equal to 5:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> Use dot notation to reference a value in the execution context.
<2> Specify a comparison operator and the value you want to compare against.
@ -68,6 +69,7 @@ of the form `<{expression}>`. For example, the following expression returns
}
}
--------------------------------------------------
// NOTCONSOLE
You can also compare two values in the execution context by specifying the
compared value as a path of the form of `{{path}}`. For example, the following
@ -85,6 +87,7 @@ to the `ctx.payload.aggregations.handled.buckets.true.doc_count`:
}
}
--------------------------------------------------
// NOTCONSOLE
==== Accessing Values in the Execution Context

View File

@ -17,3 +17,4 @@ you specify the condition type and associate it with an empty object:
"never" : {}
}
--------------------------------------------------
// NOTCONSOLE

View File

@ -19,6 +19,7 @@ The following snippet configures an inline `script` condition that always return
"script" : "return true"
}
--------------------------------------------------
// NOTCONSOLE
This example defines a script as a simple string. This format is actually a
shortcut for defining an <<condition-script-inline, inline>> script. The
@ -43,6 +44,7 @@ parameter, `result`:
}
}
--------------------------------------------------
// NOTCONSOLE
[[condition-script-inline]]
==== Inline Scripts
@ -59,6 +61,7 @@ always returns `true`.
}
}
--------------------------------------------------
// NOTCONSOLE
[[condition-script-stored]]
==== Stored Scripts
@ -74,6 +77,7 @@ in Elasticsearch. The following snippet shows how to refer to a script by its `i
}
}
--------------------------------------------------
// NOTCONSOLE
As with <<condition-script-inline, Inline>>
scripts, you can also specify the script language and parameters:
@ -88,6 +92,7 @@ scripts, you can also specify the script language and parameters:
}
}
--------------------------------------------------
// NOTCONSOLE
[[accessing-watch-payload]]
==== Accessing the Watch Payload
@ -121,6 +126,7 @@ threshold:
}
}
--------------------------------------------------
// NOTCONSOLE
When you're using a scripted condition to evaluate an Elasticsearch response,
keep in mind that the fields in the response are no longer in their native data
@ -132,6 +138,7 @@ you need to parse the `@timestamp` string into a `DateTime`. For example:
--------------------------------------------------
org.elasticsearch.common.joda.time.DateTime.parse(@timestamp)
--------------------------------------------------
// NOTCONSOLE
You can reference the following variables in the watch context:

View File

@ -36,6 +36,7 @@ fields in the payload:
}
}
-------------------------------------
// NOTCONSOLE
See <<input-simple>> for more details.
@ -74,6 +75,7 @@ For example, the following `search` input loads the latest VIX quote:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> Will resolve to today's daily quotes index
See <<input-search>> for more details.
@ -105,7 +107,7 @@ Amsterdam using http://openweathermap.org/appid[OpenWeatherMap] online service:
}
}
--------------------------------------------------
// NOTCONSOLE
See <<input-http>> for more details.
[[chaining-inputs]]
@ -146,7 +148,7 @@ returned any hits:
"compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
},
--------------------------------------------------
// NOTCONSOLE
See <<condition-compare>> for more details.
==== Powerful Comparison Logic with the Script Condition
@ -176,7 +178,7 @@ VIX quote loaded by the `http` input is either greater than 5% or lower than -5%
}
}
--------------------------------------------------
// NOTCONSOLE
See <<condition-script>> for more details.
[[using-transforms]]
@ -231,6 +233,7 @@ attaches the payload data to the message:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The id of the action
<2> The action type, in this case it's an `email` action
@ -261,6 +264,7 @@ creates a new issue in GitHub
}
}
--------------------------------------------------
// NOTCONSOLE
<1> `<owner>` is the owner of the GitHub repo and `<repo>` is the name of the repo.
<2> The username that creates the issue
<3> The password of that user

View File

@ -13,6 +13,7 @@ To ingest this data with Logstash:
. Create a Logstash configuration file that uses the {logstash-ref}/plugins-inputs-stdin.html[Logstash standard input] and the {logstash-ref}/plugins-outputs-stdout.html[Logstash standard output] and save it in `logstash-{version}` directory as `livestream.conf`:
+
--
[source,ruby]
----------------------------------------------------------
input {
@ -38,16 +39,20 @@ output { <2>
}
----------------------------------------------------------
// NOTCONSOLE
<1> The meetup data stream is formatted in JSON.
<2> Index the meetup data into Elasticsearch.
--
. To start indexing the meetup data, pipe the RSVP stream into Logstash and specify your `livestream.conf` configuration file.
+
[source,she]
--
[source,shell]
----------------------------------------------------------
curl http://stream.meetup.com/2/rsvps | bin/logstash -f livestream.conf
---------------------------------------------------------
// NOTCONSOLE
--
Now that you're indexing the meetup RSVPs, you can set up a watch that lets you know about events you might be interested in. For example, let's create a watch that runs every hour, looks for events that talk about about _Open Source_, and sends an email with information about the events.
@ -56,6 +61,7 @@ To set up the watch:
. Specify how often you want to run the watch by adding a schedule trigger to the watch:
+
--
[source,js]
--------------------------------------------------
{
@ -65,8 +71,11 @@ To set up the watch:
}
},
--------------------------------------------------
// NOTCONSOLE
--
. Load data into the watch payload by creating an input that searches the meetup data for events that have _Open Source_ as a topic. You can use aggregations to group the data by city, consolidate references to the same events, and sort the events by date.
+
--
[source,js]
-------------------------------------------------
"input": {
@ -135,19 +144,28 @@ To set up the watch:
}
},
--------------------------------------------------
// NOTCONSOLE
<1> Elasticsearch Date math is used to select the Logstash indices that contain the meetup data. The second pattern is needed in case the previous hour crosses days.
<2> Find all of the RSVPs with `Open Source` as a topic.
<3> Group the RSVPs by city.
<4> Consolidate multiple RSVPs for the same event.
<5> Sort the events so the latest events are listed first.
<6> Group the events by name.
--
. To determine whether or not there are any Open Source events, add a compare condition that checks the watch payload to see if there were any search hits.
+
--
[source,js]
--------------------------------------------------
"compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
--------------------------------------------------
// NOTCONSOLE
--
. To send an email when _Open Source_ events are found, add an email action:
+
--
[source,js]
--------------------------------------------------
"actions": {
@ -167,6 +185,8 @@ To set up the watch:
}
}
---------------------------------------------------
// NOTCONSOLE
--
NOTE: To enable Watcher to send emails, you must configure an email account in `elasticsearch.yml`. For more information, see <<configuring-email, Working with Various Email Services>>.

View File

@ -283,6 +283,7 @@ The following snippet shows the basic structure of the _Watch Execution Context_
"vars" : { ... } <6>
}
----------------------------------------------------------------------
// NOTCONSOLE
<1> Any static metadata specified in the watch definition.
<2> The current watch payload.
<3> The id of the executing watch.
@ -348,6 +349,7 @@ in sent emails:
}
}
----------------------------------------------------------------------
// NOTCONSOLE
[float]
[[inline-templates-scripts]]
@ -369,6 +371,7 @@ the context metadata.
}
}
----------------------------------------------------------------------
// NOTCONSOLE
For a script, you simply specify the inline script as the value of the `script`
field. For example:
@ -379,6 +382,7 @@ field. For example:
"script" : "return true"
}
----------------------------------------------------------------------
// NOTCONSOLE
You can also explicitly specify the inline type by using a formal object
definition as the field value. For example:
@ -395,6 +399,7 @@ definition as the field value. For example:
}
}
----------------------------------------------------------------------
// NOTCONSOLE
The formal object definition for a script would be:
@ -406,6 +411,7 @@ The formal object definition for a script would be:
}
}
----------------------------------------------------------------------
// NOTCONSOLE
[float]
[[stored-templates-scripts]]
@ -436,3 +442,4 @@ references the `email_notification_subject` template:
}
}
----------------------------------------------------------------------
// NOTCONSOLE

View File

@ -38,6 +38,7 @@ path set by a `simple` input:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The inputs in a chain are specified as an array to guarantee the order in
which the inputs are processed. (JSON does not guarantee the order of
arbitrary objects.)
@ -90,3 +91,4 @@ still be available in its original form in `ctx.payload.first`.
}
}
--------------------------------------------------
// NOTCONSOLE

View File

@ -40,6 +40,7 @@ index:
}
}
--------------------------------------------------
// NOTCONSOLE
You can use the full Elasticsearch {ref}/query-dsl.html[Query DSL] to perform
more sophisticated searches. For example, the following `http` input retrieves
@ -58,6 +59,7 @@ all documents that contain `event` in the `category` field:
}
}
--------------------------------------------------
// NOTCONSOLE
==== Calling Elasticsearch APIs
@ -82,6 +84,7 @@ Stats] API and enables the `human` attribute:
}
}
--------------------------------------------------
// NOTCONSOLE
<1> Enabling this attribute returns the `bytes` values in the response in human
readable format.
@ -110,6 +113,7 @@ a username and password to access `myservice`:
}
}
--------------------------------------------------
// NOTCONSOLE
You can also pass in service-specific API keys and other information
through the `params` attribute. For example, the following `http`
@ -131,6 +135,7 @@ http://openweathermap.org/appid[OpenWeatherMap] service:
}
}
--------------------------------------------------
// NOTCONSOLE
==== Using Templates
@ -153,6 +158,7 @@ and restrict the results to documents added within the last five minutes:
}
}
--------------------------------------------------
// NOTCONSOLE
==== Accessing the HTTP Response

View File

@ -32,6 +32,7 @@ documents from the `logs` index:
}
}
--------------------------------------------------
// NOTCONSOLE
You can use date math and wildcards when specifying indices. For example,
the following input loads the latest VIXZ quote from today's daily quotes index:
@ -57,6 +58,7 @@ the following input loads the latest VIXZ quote from today's daily quotes index:
}
}
--------------------------------------------------
// NOTCONSOLE
==== Extracting Specific Fields
@ -78,6 +80,7 @@ watch payload:
}
},
--------------------------------------------------
// NOTCONSOLE
==== Using Templates
@ -105,6 +108,7 @@ parameter:
...
}
--------------------------------------------------
// NOTCONSOLE
==== Applying Conditions
@ -131,6 +135,7 @@ check if the search returned more than five hits:
...
}
--------------------------------------------------
// NOTCONSOLE
==== Accessing the Search Results

View File

@ -20,6 +20,7 @@ an object (`obj`):
}
}
--------------------------------------------------
// NOTCONSOLE
For example, the following watch uses the `simple` input to set the recipient
name for a daily reminder email:
@ -48,3 +49,4 @@ name for a daily reminder email:
}
}
--------------------------------------------------
// NOTCONSOLE

View File

@ -52,6 +52,7 @@ part of the definition of the `my_webhook` action.
]
}
--------------------------------------------------
// NOTCONSOLE
<1> A watch level `transform`
<2> An action level `transform`

View File

@ -33,6 +33,7 @@ following snippet:
]
}
--------------------------------------------------
// NOTCONSOLE
<1> The `chain` transform definition
<2> The first transform in the chain (in this case, a `search` transform)
<3> The second and final transform in the chain (in this case, a `script`

View File

@ -20,6 +20,7 @@ TIP: The `script` transform is often useful when used in combination with the
}
}
--------------------------------------------------
// NOTCONSOLE
<1> A simple `painless` script that creates a new payload with a single `time`
field holding the scheduled time.

View File

@ -18,6 +18,7 @@ defined on the watch level:
}
}
--------------------------------------------------
// NOTCONSOLE
Like every other search based construct, one can make use of the full search
API supported by Elasticsearch. For example, the following search transform
@ -41,6 +42,7 @@ execute a search over all events indices, matching events with `error` priority:
}
}
--------------------------------------------------
// NOTCONSOLE
The following table lists all available settings for the search transform:
@ -129,6 +131,7 @@ time of the watch:
}
}
--------------------------------------------------
// NOTCONSOLE
The model of the template is a union between the provided `template.params`
settings and the <<watch-execution-context, standard watch execution context model>>.
@ -173,3 +176,4 @@ The following is an example of using templates that refer to provided parameters
}
}
--------------------------------------------------
// NOTCONSOLE

View File

@ -184,6 +184,7 @@ that triggers every day at noon:
...
}
--------------------------------------------------
// NOTCONSOLE
===== Configuring a Multiple Times Cron Schedule
@ -207,6 +208,7 @@ minute during the weekend:
...
}
--------------------------------------------------
// NOTCONSOLE
[[croneval]]
===== Verifying Cron Expressions

View File

@ -28,6 +28,7 @@ day at 5:00 PM:
}
}
--------------------------------------------------
// NOTCONSOLE
===== Configuring a Multiple Times Daily Schedule
@ -45,6 +46,7 @@ triggers at `00:00`, `12:00`, and `17:00` every day.
}
}
--------------------------------------------------
// NOTCONSOLE
[[specifying-times-using-objects]]
===== Specifying Times Using Objects
@ -69,6 +71,7 @@ For example, the following `daily` schedule triggers once every day at 5:00 PM:
}
}
--------------------------------------------------
// NOTCONSOLE
To specify multiple times using the object notation, you specify multiple hours
or minutes as an array. For example, following `daily` schedule triggers at
@ -89,3 +92,4 @@ or minutes as an array. For example, following `daily` schedule triggers at
}
}
--------------------------------------------------
// NOTCONSOLE

View File

@ -28,6 +28,7 @@ For example, the following `hourly` schedule triggers at minute 30 every hour--
}
}
--------------------------------------------------
// NOTCONSOLE
===== Configuring a Multiple Times Hourly Schedule
@ -46,3 +47,4 @@ triggers every 15 minutes every hour--`12:00`, `12:15`, `12:30`, `12:45`,
}
}
--------------------------------------------------
// NOTCONSOLE

View File

@ -34,3 +34,4 @@ For example, the following `interval` schedule triggers every five minutes:
}
}
--------------------------------------------------
// NOTCONSOLE

View File

@ -26,6 +26,7 @@ on the 10th of each month at noon:
}
}
--------------------------------------------------
// NOTCONSOLE
NOTE: You can also specify the day and time with the `day` and `time` attributes,
they are interchangeable with `on` and `at`.
@ -50,6 +51,7 @@ schedule triggers at 12:00 PM on the 10th of each month and at 5:00 PM on the
}
}
--------------------------------------------------
// NOTCONSOLE
Alternatively, you can specify days and times in an object that has `on` and `at`
attributes that contain an array of values. For example, the following `monthly`
@ -68,3 +70,4 @@ schedule triggers at 12:00 AM and 12:00 PM on the 10th and 20th of each month.
}
}
--------------------------------------------------
// NOTCONSOLE

View File

@ -32,6 +32,7 @@ triggers once a week on Friday at 5:00 PM:
}
}
--------------------------------------------------
// NOTCONSOLE
NOTE: You can also specify the day and time with the `day` and `time` attributes,
they are interchangeable with `on` and `at`.
@ -55,6 +56,7 @@ schedule triggers every Tuesday at 12:00 PM and every Friday at 5:00 PM:
}
}
--------------------------------------------------
// NOTCONSOLE
Alternatively, you can specify days and times in an object that has `on` and
`minute` attributes that contain an array of values. For example, the following
@ -73,3 +75,4 @@ Alternatively, you can specify days and times in an object that has `on` and
}
}
--------------------------------------------------
// NOTCONSOLE

View File

@ -37,6 +37,7 @@ example, the following `yearly` schedule triggers once a year at noon on January
}
}
--------------------------------------------------
// NOTCONSOLE
NOTE: You can also specify the month, day, and time with the `month`, `day`, and
`time` attributes, they are interchangeable with `in`, `on`, and `at`.
@ -61,6 +62,7 @@ on July 20th.
}
}
--------------------------------------------------
// NOTCONSOLE
Alternatively, you can specify the months, days, and times in an object that has
`in`, `on`, and `minute` attributes that contain an array of values. For example,
@ -81,3 +83,4 @@ January 20th, December 10th, and December 20th.
}
}
--------------------------------------------------
// NOTCONSOLE

View File

@ -30,6 +30,8 @@ mappings:
--------------------------------------------------
DELETE .watches
--------------------------------------------------
// CONSOLE
// TEST[skip:index deletion]
+
. Disable direct access to the `.watches` index:
.. Stop the Elasticsearch node.