honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-03-09 14:34:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
130 Commits 7 Branches 6 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Brian Murphy 84680f84b3 TESTS : Fix the alert stats test failure and some cleanup and docs. 
This test fixes the alert stats test failures due the the scope being suite scope
which meant that the pass/fail was dependent on execution order for the clean start test.
Also add asciidoc for alert stats.

Original commit: elastic/x-pack-elasticsearch@be3ff86359
2014-11-19 09:33:16 +00:00
dev-tools
Add missing license check files.
2014-11-07 10:57:59 +00:00
src
TESTS : Fix the alert stats test failure and some cleanup and docs.
2014-11-19 09:33:16 +00:00
LICENSE.txt
Initial X-Pack commit
2018-04-20 14:16:58 -07:00
pom.xml
TESTS : Add stats test and bootstrap test
2014-11-18 11:17:00 +00:00
README.md
Core: Change the rest api url structure as if all operations are targetted for the .alerts index.
2014-11-17 12:09:22 +01:00
tests.policy
Build: Configure randomizedtesting properly
2014-11-07 14:24:56 +01:00

README.md

alerting

This is the elasticsearch alerting plugin repo.

Creating an alert :

PUT /.alerts/alert/testalert
{
  "request" : {
    "indices" : [
      "logstash*"
    ],
    "body" : {
    "query" : {
      "filtered": {
        "query": {
          "match": {
            "response": 404
          }
        },
        "filter": {
          "range": {
          "@timestamp" : {
            "from": "{{SCHEDULED_FIRE_TIME}}||-5m",
            "to": "{{SCHEDULED_FIRE_TIME}}"  
          }
          }
        }
      } 
      }
    }
    }
  ,
  "trigger" : { "script" : {
    "script" : "hits.total > 1",
    "script_lang" : "groovy"
  } },
  "actions" : 
    {
      "email" : {
        "addresses" : ["brian.murphy@elasticsearch.com"]
      }
    },
    
    "schedule" : "0 0/1 * * * ?",
    "enable" : true
}

Expected response :

{
   "_index": ".alerts",
   "_type": "alert",
   "_id": "testalert",
   "_version": 1,
   "created": true
}

Viewing an existing alert :

GET /.alerts/alert/testalert

{
   "found": true,
   "_index": ".alerts",
   "_type": "alert",
   "_id": "testalert",
   "_version": 1,
   "alert": {
      "trigger": {
         "script": {
            "script_lang": "groovy",
            "script": "hits.total > 1"
         }
      },
      "schedule": "0 0/1 * * * ?",
      "request": {
         "body": {
            "query": {
               "filtered": {
                  "query": {
                     "match": {
                        "response": 404
                     }
                  },
                  "filter": {
                     "range": {
                        "@timestamp": {
                           "to": "{{SCHEDULED_FIRE_TIME}}",
                           "from": "{{SCHEDULED_FIRE_TIME}}||-5m"
                        }
                     }
                  }
               }
            }
         },
         "indices": [
            "logstash*"
         ]
      },
      "enable": true,
      "actions": {
         "email": {
            "addresses": [
               "brian.murphy@elasticsearch.com"
            ]
         }
      }
   }
}

Deleting an alert :

DELETE /.alerts/alert/testalert

Expected output :

{
   "found": true,
   "_index": ".alerts",
   "_type": "alert",
   "_id": "testalert",
   "_version": 4
}

Creating a alert that looks uses a script to dig into an aggregation :

PUT _alert/404alert
{
  "request" : {
    "indices" : [
      "logstash*"
    ],
    "body" : {
     "query" : {
      "filtered": {
        "query": {
          "match_all": {}
        },
        "filter": {
          "range": {
          "@timestamp" : {
            "from": "{{SCHEDULED_FIRE_TIME}}||-5m",
            "to": "{{SCHEDULED_FIRE_TIME}}"  
            }
          }
        }
      } 
      },
      "aggs": {
        "response": {
          "terms": {
            "field": "response",
            "size": 100
          }
        }
      }, "size":0
    }
  },
  "trigger" : { 
    "script" : {
      "script" : "ok_count = 0.0;error_count = 0.0;for(bucket in aggregations.response.buckets) {if (bucket.key < 400){ok_count += bucket.doc_count;} else {error_count += bucket.doc_count;}}; return error_count/(ok_count+1) >= 0.1;",
    " script_lang" : "groovy"
  } },
  "actions" : 
    {
      "email" : {
        "addresses" : ["brian.murphy@elasticsearch.com"]
      }
    },
    "schedule" : "0 0/1 * * * ?",
    "enable" : true
}

This alert will trigger if the responses field has a value greater or equal to 400 for more than 10% of all values.

Description
🔎 Open source distributed and RESTful search engine.
Readme 546 MiB
Languages
Java 99.5%
Groovy 0.4%