{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"indices": ".marvel-*",
"types": "cluster_stats",
"body": {
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"range": {
"timestamp": {
"gte": "now-2m",
"lte": "now"
}
}
}
],
"should": [
{
"term": {
"status.raw": "red"
}
},
{
"term": {
"status.raw": "green"
}
},
{
"term": {
"status.raw": "yellow"
}
}
]
}
}
}
},
"fields": ["timestamp","status"],
"sort": [
{
"timestamp": {
"order": "desc"
}
}
],
"size": 1,
"aggs": {
"minutes": {
"date_histogram": {
"field": "timestamp",
"interval": "5s"
},
"aggs": {
"status": {
"terms": {
"field": "status.raw",
"size": 3
}
}
}
}
}
}
}
}
},
"throttle_period": "30m",
"condition": {
"script": {
"inline": "if (ctx.payload.hits.total < 1) return false; def rows = ctx.payload.hits.hits; if (rows[0].fields.status[0] != 'red') return false; if (ctx.payload.aggregations.minutes.buckets.size() < 12) return false; def last60Seconds = ctx.payload.aggregations.minutes.buckets[-12..-1]; return last60Seconds.every { it.status.buckets.every { s -> s.key == 'red' } }"
}
},
"actions": {
"send_email": {
"email": {
"to": "user@example.com",
"subject": "Watcher Notification - Cluster has been RED for the last 60 seconds",
"body": "Your cluster has been red for the last 60 seconds."
}
}
}
}