README: Update readme with new REST actions.

This commit brings the README uptodate with the new alert REST managment interface. Original commit: elastic/x-pack-elasticsearch@dea5855a80
2014-11-13 18:56:33 +00:00 · 2014-11-13 18:56:33 +00:00 · a78d10da42
parent aa6a51306c
commit a78d10da42
1 changed files with 116 additions and 147 deletions
--- a/README.md
+++ b/README.md
@ -3,160 +3,129 @@ alerting
 This is the elasticsearch alerting plugin repo.
-````
+Creating an alert :
 POST _search/template/webErrors
 { 
  "template": { "range" : {
      "response" : {
        "from" :400,
        "to" : 600
      }
  }  
  }
 }
 DELETE /_alerting/_delete/myNewAlert
 POST /_alerting/_create/myNewAlert
 {
    "query" : "webErrors",
    "schedule" : "05 * * * * ?",
    "trigger" : {
         "numberOfEvents" : ">2"
     },
    "timeperiod" : "300s",
     "action" : {
         "email" : {
           "addresses" : [ "brian.murphy@elasticsearch.com" ],
           "display": "message"
         }
     },
    "indices" : [ "logstash*" ],
    "enabled" : false
 }
 POST /_alerting/_enable/myNewAlert
 DELETE /_alerting/_delete/myIndexAlert
 POST /_alerting/_create/myIndexAlert
 {
    "query" : "webErrors",
    "schedule" : "05 * * * * ?",
    "trigger" : {
         "numberOfEvents" : ">0"
     },
    "timeperiod" : "300s",
     "action" : {
         "index" : {
           "index" : "weberrorhistory",
           "type" : "weberrorresult"
         }
     },
    "indices" : [ "logstash*" ],
    "enabled" : true
 }
 POST /_search/template/testFilteredAgg
 {
  "query" : { 
    "filtered" : {
      "query" : { 
        "match_all" : {}
     },
     "filter": {
       "range" : {
         "@timestamp" : {
             "gte" : "{{from}}",
             "lt" : "{{to}}"
         }
       }
     }
    } 
  },
    "aggs" : { 
      "response" : {
        "terms" : {
          "field" : "response",
          "size" : 100
        }
      }
 }, "size" : 0  }
 POST /_scripts/groovy/testScript 
 {
  "script" : "ok_count = 0.0;error_count = 0.0;for(bucket in aggregations.response.buckets) {if (bucket.key < 400){ok_count += bucket.doc_count;} else {error_count += bucket.doc_count;}}; return error_count/(ok_count+1) >= 0.1;"
 }
 DELETE /_alerting/_delete/myScriptedAlert
 POST /_alerting/_create/myScriptedAlert
 {
    "query" : "testFilteredAgg",
    "schedule" : "05 * * * * ?",
    "trigger" : {
         "script" : {
           "script" : "testScript",
           "script_lang" : "groovy",
           "script_type" : "INDEXED"
         }
     },
    "timeperiod" : "300s",
     "action" : {
         "index" : {
           "index" : "weberrorhistory",
           "type" : "weberrorresult"
         },
        "email" : {
           "addresses" : [ "brian.murphy@elasticsearch.com" ],
           "display": "message"
         }
     },
    "indices" : [ "logstash*" ],
    "enabled" : true,
    "simple" : false
 }
 ````
-
+PUT _alert/testalert
-
+{
-The email will look like : 
+  "request" : {
-````
+    "indices" : [
-The following query triggered because numberOfEvents > 1
+      "logstash*"
-The total number of hits returned : 25
+    ],
-For query : {
+    "body" : {
-  "query" : {
+    "query" : {
-    "filtered" : {
+      "filtered": {
-      "query" : {
+        "query": {
-        "template" : {
+          "match": {
-          "id" : "myAlertQuery"
+            "response": 404
-        }
+          }
-      },
+        },
-      "filter" : {
+        "filter": {
-        "range" : {
+          "range": {
          "@timestamp" : {
-            "gte" : "2014-08-13T16:45:00.000Z",
+            "from": "{{SCHEDULED_FIRE_TIME}}||-5m",
-            "lt" : "2014-08-13T16:50:00.000Z"
+            "to": "{{SCHEDULED_FIRE_TIME}}"  
          }
          }
        }
      } 
      }
    }
-  }
+    }
  ,
  "trigger" : { "script" : {
    "script" : "hits.total > 1",
    "script_lang" : "groovy"
  } },
  "actions" : 
    {
      "email" : {
        "addresses" : ["brian.murphy@elasticsearch.com"]
      }
    },
    "schedule" : "0 0/1 * * * ?",
    "enable" : true
 }
 Indices : logstash*/
 128.141.154.156 - - [13/Aug/2014:17:46:21 +0100] "GET /blog/geekery/debugging-java-performance.html HTTP/1.1" 200 15796 "http://logstash.net/docs/1.1.6/life-of-an-event" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
 128.141.154.156 - - [13/Aug/2014:17:46:21 +0100] "GET /reset.css HTTP/1.1" 200 1015 "http://www.semicomplete.com/blog/geekery/debugging-java-performance.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
 128.141.154.156 - - [13/Aug/2014:17:46:21 +0100] "GET /style2.css HTTP/1.1" 200 4877 "http://www.semicomplete.com/blog/geekery/debugging-java-performance.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
 50.16.19.13 - - [13/Aug/2014:17:48:06 +0100] "GET /blog/tags/puppet?flav=rss20 HTTP/1.1" 200 14872 "http://www.semicomplete.com/blog/tags/puppet?flav=rss20" "Tiny Tiny RSS/1.11 (http://tt-rss.org/)"
 50.7.228.180 - - [13/Aug/2014:17:48:32 +0100] "GET /misc/sample.log HTTP/1.1" 200 54306753 "http://www.semicomplete.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:22.0) Gecko/20100101 Firefox/22.0"
 193.138.160.116 - - [13/Aug/2014:17:49:23 +0100] "GET /scripts/backup/ HTTP/1.1" 200 1328 "http://www.semicomplete.com/scripts/" "Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1"
 128.141.154.156 - - [13/Aug/2014:17:46:21 +0100] "GET /images/jordan-80.png HTTP/1.1" 200 6146 "http://www.semicomplete.com/blog/geekery/debugging-java-performance.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
 128.141.154.156 - - [13/Aug/2014:17:46:22 +0100] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
 195.168.193.181 - - [13/Aug/2014:17:48:15 +0100] "GET /projects/xdotool/ HTTP/1.1" 200 12292 "http://www.linuxquestions.org/questions/programming-9/simulating-a-mouse-click-594576/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0"
 193.138.160.116 - - [13/Aug/2014:17:48:42 +0100] "GET /scripts/parsehttp HTTP/1.1" 200 332 "http://www.semicomplete.com/scripts/" "Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1"
 ````
 Expected response : 
 ````
 {
   "_index": ".alerts",
   "_type": "alert",
   "_id": "testalert",
   "_version": 1,
   "created": true
 }
 ````
 Viewing an existing alert :
 ````
 {
   "found": true,
   "_index": ".alerts",
   "_type": "alert",
   "_id": "testalert",
   "_version": 1,
   "alert": {
      "trigger": {
         "script": {
            "script_lang": "groovy",
            "script": "hits.total > 1"
         }
      },
      "schedule": "0 0/1 * * * ?",
      "request": {
         "body": {
            "query": {
               "filtered": {
                  "query": {
                     "match": {
                        "response": 404
                     }
                  },
                  "filter": {
                     "range": {
                        "@timestamp": {
                           "to": "{{SCHEDULED_FIRE_TIME}}",
                           "from": "{{SCHEDULED_FIRE_TIME}}||-5m"
                        }
                     }
                  }
               }
            }
         },
         "indices": [
            "logstash*"
         ]
      },
      "enable": true,
      "actions": {
         "email": {
            "addresses": [
               "brian.murphy@elasticsearch.com"
            ]
         }
      }
   }
 }
 ````
 Deleting an alert :
 ````
 DELETE _alert/testalert
 ````
 Expected output :
 ````
 {
   "found": true,
   "_index": ".alerts",
   "_type": "alert",
   "_id": "testalert",
   "_version": 4
 }
 ````