Adding conditions to actions
Elastic Stack Serverless
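When a watch is triggered, its condition determines whether the watch actions are executed. You can also add a condition to each individual action. These additional conditions let a single alert execute different actions depending on each action's own condition. The following watch always sends an email when the input search finds hits, but triggers the notify_pager action only when the search result contains more than 5 hits.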
PUT _watcher/watch/log_event_watch
{
  "trigger" : {
    "schedule" : { "interval" : "5m" }
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : "log-events",
        "body" : {
          "size" : 0,
          "query" : { "match" : { "status" : "error" } }
        }
      }
    }
  },
  "condition" : {
    "compare" : { "ctx.payload.hits.total" : { "gt" : 0 } }
  },
  "actions" : {
    "email_administrator" : {
      "email" : {
        "to" : "sys.admino@host.domain",
        "subject" : "Encountered {{ctx.payload.hits.total}} errors",
        "body" : "Too many error in the system, see attached data",
        "attachments" : {
          "attached_data" : {
            "data" : {
              "format" : "json"
            }
          }
        },
        "priority" : "high"
      }
    },
    "notify_pager" : {
      "condition": {
        "compare" : { "ctx.payload.hits.total" : { "gt" : 5 } }
      },
      "webhook" : {
        "method" : "POST",
        "host" : "pager.service.domain",
        "port" : 1234,
        "path" : "/{{watch_id}}",
        "body" : "Encountered {{ctx.payload.hits.total}} errors"
      }
    }
  }
}
- A condition that applies only to the notify_pager action; it restricts that action's execution to when the condition succeeds (at least 5 hits in this case).