honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/README.md

132 lines
2.3 KiB
Markdown
Raw Blame History

alerting
========
This is the elasticsearch alerting plugin repo.
Creating an alert :
````
PUT _alert/testalert
{
"request" : {
"indices" : [
"logstash*"
],
"body" : {
"query" : {
"filtered": {
"query": {
"match": {
"response": 404
}
},
"filter": {
"range": {
"@timestamp" : {
"from": "{{SCHEDULED_FIRE_TIME}}||-5m",
"to": "{{SCHEDULED_FIRE_TIME}}"
}
}
}
}
}
}
}
,
"trigger" : { "script" : {
"script" : "hits.total > 1",
"script_lang" : "groovy"
} },
"actions" :
{
"email" : {
"addresses" : ["brian.murphy@elasticsearch.com"]
}
},
"schedule" : "0 0/1 * * * ?",
"enable" : true
}
````
Expected response :
````
{
"_index": ".alerts",
"_type": "alert",
"_id": "testalert",
"_version": 1,
"created": true
}
````
Viewing an existing alert :
````
{
"found": true,
"_index": ".alerts",
"_type": "alert",
"_id": "testalert",
"_version": 1,
"alert": {
"trigger": {
"script": {
"script_lang": "groovy",
"script": "hits.total > 1"
}
},
"schedule": "0 0/1 * * * ?",
"request": {
"body": {
"query": {
"filtered": {
"query": {
"match": {
"response": 404
}
},
"filter": {
"range": {
"@timestamp": {
"to": "{{SCHEDULED_FIRE_TIME}}",
"from": "{{SCHEDULED_FIRE_TIME}}||-5m"
}
}
}
}
}
},
"indices": [
"logstash*"
]
},
"enable": true,
"actions": {
"email": {
"addresses": [
"brian.murphy@elasticsearch.com"
]
}
}
}
}
````
Deleting an alert :
````
DELETE _alert/testalert
````
Expected output :
````
{
"found": true,
"_index": ".alerts",
"_type": "alert",
"_id": "testalert",
"_version": 4
}
````
Reference in New Issue View Git Blame Copy Permalink