执行监视 API
编辑执行监视 API
编辑强制执行已存储的监视。
描述
编辑此 API 可用于强制执行监视,使其脱离其触发逻辑,或模拟监视执行以进行调试。
为了进行测试和调试,您还可以精细地控制监视的运行方式。您可以执行监视而不执行其所有操作,或者通过模拟它们来执行。您还可以通过忽略监视条件来强制执行,并控制执行后是否将监视记录写入监视历史记录。
内联监视执行
编辑您可以使用执行 API 来执行尚未注册的监视,方法是内联指定监视定义。这对于在将监视添加到 Watcher 之前测试和调试监视非常有用。
路径参数
编辑-
<watch_id> - (可选,字符串) 监视的标识符。
查询参数
编辑-
debug - (可选,布尔值) 定义监视是否在调试模式下运行。默认值为
false。
请求体
编辑此 API 支持以下字段
| 名称 | 必需 | 默认值 | 描述 |
|---|---|---|---|
|
否 |
此结构被解析为触发事件的数据,将在监视执行期间使用 |
|
|
否 |
否 |
设置为 |
|
否 |
null |
如果存在,监视将使用此对象作为有效负载,而不是执行其自己的输入。 |
|
否 |
null |
确定如何在监视执行中处理监视操作。有关更多信息,请参阅 操作执行模式。 |
|
否 |
否 |
设置为 |
|
否 |
null |
如果存在,则使用此 监视,而不是请求中指定的监视。此监视不会持久化到索引中,并且无法设置 record_execution。 |
操作执行模式
编辑操作模式定义在监视执行期间如何处理操作。操作可以关联五种可能的模式
| 名称 | 描述 |
|---|---|
|
模拟操作执行。每个操作类型定义其自己的模拟操作模式。例如, |
|
类似于 |
|
执行操作,就像监视被其自己的触发器触发一样执行。如果监视的当前状态表明应该这样做,则可能会限制执行。 |
|
类似于 |
|
跳过该操作,并且不执行或模拟该操作。有效地强制限制操作。 |
安全集成
编辑在您的集群上启用 Elasticsearch 安全功能时,监视将使用存储监视的用户的权限执行。如果您的用户允许读取索引 a,但不允许读取索引 b,则在执行监视期间将应用完全相同的规则集。
当使用执行监视 API 时,将使用调用 API 的用户的授权数据作为基础,而不是存储监视的用户的信息。
示例
编辑以下示例执行 my_watch 监视
resp = client.watcher.execute_watch(
id="my_watch",
)
print(resp)
const response = await client.watcher.executeWatch({
id: "my_watch",
});
console.log(response);
POST _watcher/watch/my_watch/_execute
以下示例显示了执行 my-watch 监视的完整示例
resp = client.watcher.execute_watch(
id="my_watch",
trigger_data={
"triggered_time": "now",
"scheduled_time": "now"
},
alternative_input={
"foo": "bar"
},
ignore_condition=True,
action_modes={
"my-action": "force_simulate"
},
record_execution=True,
)
print(resp)
const response = await client.watcher.executeWatch({
id: "my_watch",
trigger_data: {
triggered_time: "now",
scheduled_time: "now",
},
alternative_input: {
foo: "bar",
},
ignore_condition: true,
action_modes: {
"my-action": "force_simulate",
},
record_execution: true,
});
console.log(response);
POST _watcher/watch/my_watch/_execute
{
"trigger_data" : {
"triggered_time" : "now",
"scheduled_time" : "now"
},
"alternative_input" : {
"foo" : "bar"
},
"ignore_condition" : true,
"action_modes" : {
"my-action" : "force_simulate"
},
"record_execution" : true
}
|
提供了触发和计划时间。 |
|
|
忽略监视定义的输入,而是将提供的输入用作执行有效负载。 |
|
|
忽略监视定义的条件,并假定其评估为 |
|
|
强制模拟 |
|
|
监视的执行将在监视历史记录中创建一个监视记录,并且监视的限制状态可能会相应更新。 |
这是一个输出示例
{
"_id": "my_watch_0-2015-06-02T23:17:55.124Z",
"watch_record": {
"@timestamp": "2015-06-02T23:17:55.124Z",
"watch_id": "my_watch",
"node": "my_node",
"messages": [],
"trigger_event": {
"type": "manual",
"triggered_time": "2015-06-02T23:17:55.124Z",
"manual": {
"schedule": {
"scheduled_time": "2015-06-02T23:17:55.124Z"
}
}
},
"state": "executed",
"status": {
"version": 1,
"execution_state": "executed",
"state": {
"active": true,
"timestamp": "2015-06-02T23:17:55.111Z"
},
"last_checked": "2015-06-02T23:17:55.124Z",
"last_met_condition": "2015-06-02T23:17:55.124Z",
"actions": {
"test_index": {
"ack": {
"timestamp": "2015-06-02T23:17:55.124Z",
"state": "ackable"
},
"last_execution": {
"timestamp": "2015-06-02T23:17:55.124Z",
"successful": true
},
"last_successful_execution": {
"timestamp": "2015-06-02T23:17:55.124Z",
"successful": true
}
}
}
},
"input": {
"simple": {
"payload": {
"send": "yes"
}
}
},
"condition": {
"always": {}
},
"result": {
"execution_time": "2015-06-02T23:17:55.124Z",
"execution_duration": 12608,
"input": {
"type": "simple",
"payload": {
"foo": "bar"
},
"status": "success"
},
"condition": {
"type": "always",
"met": true,
"status": "success"
},
"actions": [
{
"id": "test_index",
"index": {
"response": {
"index": "test",
"version": 1,
"created": true,
"result": "created",
"id": "AVSHKzPa9zx62AzUzFXY"
}
},
"status": "success",
"type": "index"
}
]
},
"user": "test_admin"
}
}
您可以通过将模式名称与操作 ID 相关联,为每个操作设置不同的执行模式
resp = client.watcher.execute_watch(
id="my_watch",
action_modes={
"action1": "force_simulate",
"action2": "skip"
},
)
print(resp)
const response = await client.watcher.executeWatch({
id: "my_watch",
action_modes: {
action1: "force_simulate",
action2: "skip",
},
});
console.log(response);
POST _watcher/watch/my_watch/_execute
{
"action_modes" : {
"action1" : "force_simulate",
"action2" : "skip"
}
}
您还可以使用 _all 作为操作 ID,将单个执行模式与监视中的所有操作关联
resp = client.watcher.execute_watch(
id="my_watch",
action_modes={
"_all": "force_execute"
},
)
print(resp)
const response = await client.watcher.executeWatch({
id: "my_watch",
action_modes: {
_all: "force_execute",
},
});
console.log(response);
POST _watcher/watch/my_watch/_execute
{
"action_modes" : {
"_all" : "force_execute"
}
}
以下示例演示如何内联执行监视
resp = client.watcher.execute_watch(
watch={
"trigger": {
"schedule": {
"interval": "10s"
}
},
"input": {
"search": {
"request": {
"indices": [
"logs"
],
"body": {
"query": {
"match": {
"message": "error"
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"actions": {
"log_error": {
"logging": {
"text": "Found {{ctx.payload.hits.total}} errors in the logs"
}
}
}
},
)
print(resp)
const response = await client.watcher.executeWatch({
watch: {
trigger: {
schedule: {
interval: "10s",
},
},
input: {
search: {
request: {
indices: ["logs"],
body: {
query: {
match: {
message: "error",
},
},
},
},
},
},
condition: {
compare: {
"ctx.payload.hits.total": {
gt: 0,
},
},
},
actions: {
log_error: {
logging: {
text: "Found {{ctx.payload.hits.total}} errors in the logs",
},
},
},
},
});
console.log(response);
POST _watcher/watch/_execute
{
"watch" : {
"trigger" : { "schedule" : { "interval" : "10s" } },
"input" : {
"search" : {
"request" : {
"indices" : [ "logs" ],
"body" : {
"query" : {
"match" : { "message": "error" }
}
}
}
}
},
"condition" : {
"compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
},
"actions" : {
"log_error" : {
"logging" : {
"text" : "Found {{ctx.payload.hits.total}} errors in the logs"
}
}
}
}
}
内联监视时,此 API 的所有其他设置仍然适用。在以下代码片段中,虽然内联监视定义了 compare 条件,但在执行期间将忽略此条件
resp = client.watcher.execute_watch(
ignore_condition=True,
watch={
"trigger": {
"schedule": {
"interval": "10s"
}
},
"input": {
"search": {
"request": {
"indices": [
"logs"
],
"body": {
"query": {
"match": {
"message": "error"
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"actions": {
"log_error": {
"logging": {
"text": "Found {{ctx.payload.hits.total}} errors in the logs"
}
}
}
},
)
print(resp)
const response = await client.watcher.executeWatch({
ignore_condition: true,
watch: {
trigger: {
schedule: {
interval: "10s",
},
},
input: {
search: {
request: {
indices: ["logs"],
body: {
query: {
match: {
message: "error",
},
},
},
},
},
},
condition: {
compare: {
"ctx.payload.hits.total": {
gt: 0,
},
},
},
actions: {
log_error: {
logging: {
text: "Found {{ctx.payload.hits.total}} errors in the logs",
},
},
},
},
});
console.log(response);
POST _watcher/watch/_execute
{
"ignore_condition" : true,
"watch" : {
"trigger" : { "schedule" : { "interval" : "10s" } },
"input" : {
"search" : {
"request" : {
"indices" : [ "logs" ],
"body" : {
"query" : {
"match" : { "message": "error" }
}
}
}
}
},
"condition" : {
"compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
},
"actions" : {
"log_error" : {
"logging" : {
"text" : "Found {{ctx.payload.hits.total}} errors in the logs"
}
}
}
}
}