80 lines
2.4 KiB
JSON
80 lines
2.4 KiB
JSON
{
|
|
"metadata": {
|
|
"fielddata_cache_size": 100000,
|
|
"threshold": 0.8
|
|
},
|
|
"trigger": {
|
|
"schedule": {
|
|
"interval": "1m"
|
|
}
|
|
},
|
|
"input": {
|
|
"search": {
|
|
"request": {
|
|
"indices": [
|
|
".marvel-*"
|
|
],
|
|
"types": "node_stats",
|
|
"search_type": "count",
|
|
"body": {
|
|
"query": {
|
|
"filtered": {
|
|
"filter": {
|
|
"range": {
|
|
"timestamp": {
|
|
"gte": "now-1m",
|
|
"lte": "now"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"aggs": {
|
|
"minutes": {
|
|
"date_histogram": {
|
|
"field": "timestamp",
|
|
"interval": "5s"
|
|
},
|
|
"aggs": {
|
|
"nodes": {
|
|
"terms": {
|
|
"field": "node.name.raw",
|
|
"size": 10,
|
|
"order": {
|
|
"fielddata": "desc"
|
|
}
|
|
},
|
|
"aggs": {
|
|
"fielddata": {
|
|
"avg": {
|
|
"field": "indices.fielddata.memory_size_in_bytes"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"throttle_period": "30m",
|
|
"condition": {
|
|
"script": "if (ctx.payload.aggregations.minutes.buckets.size() == 0) return false; def latest = ctx.payload.aggregations.minutes.buckets[-1]; def node = latest.nodes.buckets[0]; return node && node.fielddata && node.fielddata.value >= (ctx.metadata.fielddata_cache_size * ctx.metadata.threshold);"
|
|
},
|
|
"actions": {
|
|
"send_email": {
|
|
"transform": {
|
|
"script": "def latest = ctx.payload.aggregations.minutes.buckets[-1]; return latest.nodes.buckets.findAll({ return it.fielddata && it.fielddata.value >= (ctx.metadata.fielddata_cache_size * ctx.metadata.threshold) }).collect({ it.fielddata.percent = Math.round((it.fielddata.value/ctx.metadata.fielddata_cache_size)*100); it });"
|
|
},
|
|
"email": {
|
|
"to": "user@example.com",
|
|
"subject": "Watcher Notification - NODES WITH 80% FIELDDATA UTILIZATION",
|
|
"body": "Nodes with 80% FIELDDATA UTILIZATION (above 80%):\n\n{{#ctx.payload._value}}\"{{key}}\" - Fielddata utilization is at {{fielddata.value}} bytes ({{fielddata.percent}}%)\n{{/ctx.payload._value}}"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|