mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-03-09 14:34:43 +00:00
47a78648df
This commit : 1. Ensures an alert will run even if the lastFireTime is null (first time we see an alert) 2. Removes the incorrect license that existed in some of the files. 3. Cuts the BasicTest over to use the AlertsClient and deletes the alert at the end of the test to prevent it running in a race condition. 4. Moves the execute method signatures in AlertsClient to be on a single line. Original commit: elastic/x-pack-elasticsearch@9c3aec0127
alerting
This is the elasticsearch alerting plugin repo.
POST _search/template/webErrors
{
"template": { "range" : {
"response" : {
"from" :400,
"to" : 600
}
}
}
}
DELETE /_alerting/_delete/myNewAlert
POST /_alerting/_create/myNewAlert
{
"query" : "webErrors",
"schedule" : "05 * * * * ?",
"trigger" : {
"numberOfEvents" : ">2"
},
"timeperiod" : "300s",
"action" : {
"email" : {
"addresses" : [ "brian.murphy@elasticsearch.com" ],
"display": "message"
}
},
"indices" : [ "logstash*" ],
"enabled" : false
}
POST /_alerting/_enable/myNewAlert
DELETE /_alerting/_delete/myIndexAlert
POST /_alerting/_create/myIndexAlert
{
"query" : "webErrors",
"schedule" : "05 * * * * ?",
"trigger" : {
"numberOfEvents" : ">0"
},
"timeperiod" : "300s",
"action" : {
"index" : {
"index" : "weberrorhistory",
"type" : "weberrorresult"
}
},
"indices" : [ "logstash*" ],
"enabled" : true
}
POST /_search/template/testFilteredAgg
{
"query" : {
"filtered" : {
"query" : {
"match_all" : {}
},
"filter": {
"range" : {
"@timestamp" : {
"gte" : "{{from}}",
"lt" : "{{to}}"
}
}
}
}
},
"aggs" : {
"response" : {
"terms" : {
"field" : "response",
"size" : 100
}
}
}, "size" : 0 }
POST /_scripts/groovy/testScript
{
"script" : "ok_count = 0.0;error_count = 0.0;for(bucket in aggregations.response.buckets) {if (bucket.key < 400){ok_count += bucket.doc_count;} else {error_count += bucket.doc_count;}}; return error_count/(ok_count+1) >= 0.1;"
}
DELETE /_alerting/_delete/myScriptedAlert
POST /_alerting/_create/myScriptedAlert
{
"query" : "testFilteredAgg",
"schedule" : "05 * * * * ?",
"trigger" : {
"script" : {
"script" : "testScript",
"script_lang" : "groovy",
"script_type" : "INDEXED"
}
},
"timeperiod" : "300s",
"action" : {
"index" : {
"index" : "weberrorhistory",
"type" : "weberrorresult"
},
"email" : {
"addresses" : [ "brian.murphy@elasticsearch.com" ],
"display": "message"
}
},
"indices" : [ "logstash*" ],
"enabled" : true,
"simple" : false
}
The email will look like :
The following query triggered because numberOfEvents > 1
The total number of hits returned : 25
For query : {
"query" : {
"filtered" : {
"query" : {
"template" : {
"id" : "myAlertQuery"
}
},
"filter" : {
"range" : {
"@timestamp" : {
"gte" : "2014-08-13T16:45:00.000Z",
"lt" : "2014-08-13T16:50:00.000Z"
}
}
}
}
}
}
Indices : logstash*/
128.141.154.156 - - [13/Aug/2014:17:46:21 +0100] "GET /blog/geekery/debugging-java-performance.html HTTP/1.1" 200 15796 "http://logstash.net/docs/1.1.6/life-of-an-event" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
128.141.154.156 - - [13/Aug/2014:17:46:21 +0100] "GET /reset.css HTTP/1.1" 200 1015 "http://www.semicomplete.com/blog/geekery/debugging-java-performance.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
128.141.154.156 - - [13/Aug/2014:17:46:21 +0100] "GET /style2.css HTTP/1.1" 200 4877 "http://www.semicomplete.com/blog/geekery/debugging-java-performance.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
50.16.19.13 - - [13/Aug/2014:17:48:06 +0100] "GET /blog/tags/puppet?flav=rss20 HTTP/1.1" 200 14872 "http://www.semicomplete.com/blog/tags/puppet?flav=rss20" "Tiny Tiny RSS/1.11 (http://tt-rss.org/)"
50.7.228.180 - - [13/Aug/2014:17:48:32 +0100] "GET /misc/sample.log HTTP/1.1" 200 54306753 "http://www.semicomplete.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:22.0) Gecko/20100101 Firefox/22.0"
193.138.160.116 - - [13/Aug/2014:17:49:23 +0100] "GET /scripts/backup/ HTTP/1.1" 200 1328 "http://www.semicomplete.com/scripts/" "Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1"
128.141.154.156 - - [13/Aug/2014:17:46:21 +0100] "GET /images/jordan-80.png HTTP/1.1" 200 6146 "http://www.semicomplete.com/blog/geekery/debugging-java-performance.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
128.141.154.156 - - [13/Aug/2014:17:46:22 +0100] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
195.168.193.181 - - [13/Aug/2014:17:48:15 +0100] "GET /projects/xdotool/ HTTP/1.1" 200 12292 "http://www.linuxquestions.org/questions/programming-9/simulating-a-mouse-click-594576/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0"
193.138.160.116 - - [13/Aug/2014:17:48:42 +0100] "GET /scripts/parsehttp HTTP/1.1" 200 332 "http://www.semicomplete.com/scripts/" "Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1"