Commit Graph

22 Commits

Author SHA1 Message Date
Brian Murphy 8c623534c2 Alerting : Cleanup and fixes.
These changes fix the alert throttling during the time period, move alert history it's own
index.

Original commit: elastic/x-pack-elasticsearch@5130637824
2014-08-21 16:33:11 +01:00
Brian Murphy 47e1e77b58 Alerting : Start of multiprocess coordination work
On alert claim time, query index to make sure alert is still valid and enabled and is the same alert.

Original commit: elastic/x-pack-elasticsearch@72b816b7d1
2014-08-19 13:31:01 +01:00
Brian Murphy 0eea73dd72 Alerting: Scripted triggers and support for aggregations in searches.
This commit adds support for triggers that are scripts:

Query :
````
POST /_search/template/testFilteredAgg
{
  "query" : {
    "filtered" : {
      "query" : {
        "match_all" : {}
     },
     "filter": {
       "range" : {
         "@timestamp" : {
             "gte" : "{{from}}",
             "lt" : "{{to}}"
         }
       }
     }
    }
  },
    "aggs" : {
      "response" : {
        "terms" : {
          "field" : "response",
          "size" : 100
        }
      }
}, "size" : 0  }
````

Trigger Script:
````
POST /_scripts/groovy/testScript
{
  "script" : "ok_count = 0.0;error_count = 0.0;for(bucket in aggregations.response.buckets) {if (bucket.key < 400){ok_count += bucket.doc_count;} else {error_count += bucket.doc_count;}}; return error_count/(ok_count+1) > 0.1;"
}
````

Alert:
````
POST /_alerting/_create/myScriptedAlert
{
    "query" : "testFilteredAgg",
    "schedule" : "05 * * * * ?",
    "trigger" : {
         "script" : {
           "script" : "testScript",
           "script_lang" : "groovy",
           "script_type" : "INDEXED"
         }
     },
    "timeperiod" : "300s",
     "action" : {
         "index" : {
           "index" : "weberrorhistory",
           "type" : "weberrorresult"
         }
     },
    "indices" : [ "logstash*" ],
    "enabled" : true,
    "simple" : false
}
````

If you want to use aggs with your alert you must create a search that contains the timefilter with the params ````{{from}}```` and ````{{to}}```` and set the ````simple```` flag to ````true````.

Original commit: elastic/x-pack-elasticsearch@0430a1bf40
2014-08-18 16:59:49 +01:00
Brian Murphy 4216491824 Alerting : Improve error handling in the RestInterface
This commit improves error handling in the RestHandler. Errors are now
returned to the client.

Original commit: elastic/x-pack-elasticsearch@433e8a57bc
2014-08-18 12:28:48 +01:00
Brian Murphy 14d0bcd589 Alerting add TODO
Original commit: elastic/x-pack-elasticsearch@23cf5fce8b
2014-08-18 12:22:13 +01:00
Brian Murphy 418b9f1a31 Alerting : Add scripted triggers and alert disabling.
This commit adds support for disabling alerts.
This commit adds preliminary support for scripted triggers.

Original commit: elastic/x-pack-elasticsearch@e14a56dbeb
2014-08-18 12:13:39 +01:00
Brian Murphy 4c1c502f80 Alerting : Fix IndexAction
This commit contains fixes to the IndexAlertAction and normalizes the serialization of
Alerts using ToXContent interface.

Original commit: elastic/x-pack-elasticsearch@47325bdd01
2014-08-18 11:23:45 +01:00
Brian Murphy 26e053eaed Alerting : Claim alert runs
This commit add functionality so that multiple nodes running alert plugins won't stand on
each other trying to run the same alerts at the same time.

Original commit: elastic/x-pack-elasticsearch@9c350c0114
2014-08-18 10:27:07 +01:00
Brian Murphy 83287e009a Alerting : Add index action.
This commit adds support for indexing on alert trigger.

Original commit: elastic/x-pack-elasticsearch@d6508ce16d
2014-08-17 13:49:29 +01:00
Brian Murphy d1af9f15fe Alerting : Small fixes.
Fix the constructor for the AlertResult.

Original commit: elastic/x-pack-elasticsearch@0820edaa6a
2014-08-16 17:44:44 +01:00
Brian Murphy 019cdb37d4 Alerting : Add support for history and fix issues around parsing lastRun.
This commit adds a history log for alerts and updates lastRan with the correct time.

Original commit: elastic/x-pack-elasticsearch@49c77f1ef8
2014-08-15 16:46:41 +01:00
Brian Murphy 4c47c8ba9a Alerting : REST endpoints
This commit adds REST endpoints for list/delete/create and fixes refresh.

Original commit: elastic/x-pack-elasticsearch@36e2c15753
2014-08-15 11:45:45 +01:00
Brian Murphy e648cc7f82 Alerting : Update README.md
Add sample alert to README.md and describe the email output.

Original commit: elastic/x-pack-elasticsearch@2b78e26dfd
2014-08-13 18:05:56 +01:00
Brian Murphy b5cb8b3d04 Alerting : Add RestHandler
This commit adds the rest handler and supports /_alerting/_refresh to reload all alerts.

Original commit: elastic/x-pack-elasticsearch@14fadbeeee
2014-08-13 18:00:36 +01:00
Brian Murphy 0d9061b838 Alerting : better email formatting
This commit enables better email formatting.

Original commit: elastic/x-pack-elasticsearch@8be3e3b6d1
2014-08-13 17:05:25 +01:00
Brian Murphy e3250c0366 Alerting : Add time clamping.
This commit adds timestamp clamping on the timeperiod to alerting.
Also adds index setting on alerts.

Original commit: elastic/x-pack-elasticsearch@222cd6eaef
2014-08-13 15:21:55 +01:00
Brian Murphy 88ed7a5624 Alerting : Add parsing and indices.
This commit adds parsing of the triggers and actions, and allows alerts to be restricted to indices.

Original commit: elastic/x-pack-elasticsearch@44a6a51b17
2014-08-13 10:11:51 +01:00
Brian Murphy 940d6402ae Alerting : connect email
The last commit ommited a line that actually sends the email on alert trigger.

Original commit: elastic/x-pack-elasticsearch@24b5c01db8
2014-08-12 19:54:13 +01:00
Brian Murphy 5f84596c92 Alerting : Add support for quartz scheduler.
This commit enables loading of alerts from the .alerts index and adds the
Quartz scheduler.
You can add the following alert :
````
curl -XPOST http://localhost:9200/.alerts/alert/myTestAlert -d '{
    "query" : "myAlertQuery",
    "schedule" : "00 * * * * ?",
    "trigger" : {
         "numberOfEvents" : ">1"
     },
    "timeperiod" : 300,
     "action" : {
         "email" : [ "brian.murphy@elasticsearch.com" ]
     },
    "version" : 1,
    "lastRan" : "2014-05-05T12:12:12.123Z"
}
````
With the following search template:
````
curl -XPOST localhost:9200/_search/template/myAlertQuery -d '{ "template" : { "query" : { "match_all" : {} } } }'
````
This will execute the search every minute and trigger if there is more than one match (which there will be).

Original commit: elastic/x-pack-elasticsearch@708f927914
2014-08-12 18:57:28 +01:00
Brian Murphy 1e6d6b58c9 Alerting Plugin : First commit
Very rough non-functional commit of the alerting plugin.
Please be gentle.

Original commit: elastic/x-pack-elasticsearch@98870d0778
2014-08-12 13:55:10 +01:00
Brian Murphy d19f4b5954 Initial commit
Original commit: elastic/x-pack-elasticsearch@c4b218b393
2014-08-11 17:11:03 +01:00
uboness 5ee82e4ae7 Initial X-Pack commit 2018-04-20 14:16:58 -07:00