为 Watcher 操作添加条件
编辑为 Watcher 操作添加条件
编辑当一个 Watch 被触发时,其条件决定是否执行 Watch 操作。在每个操作中,您也可以为每个操作添加一个条件。这些额外的条件使单个警报能够根据各自的条件执行不同的操作。以下 Watch 将始终发送电子邮件,当从输入搜索中找到匹配项时,但仅当搜索结果中存在超过 5 个匹配项时才会触发 notify_pager 操作。
resp = client.watcher.put_watch(
id="log_event_watch",
trigger={
"schedule": {
"interval": "5m"
}
},
input={
"search": {
"request": {
"indices": "log-events",
"body": {
"size": 0,
"query": {
"match": {
"status": "error"
}
}
}
}
}
},
condition={
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
actions={
"email_administrator": {
"email": {
"to": "[email protected]",
"subject": "Encountered {{ctx.payload.hits.total}} errors",
"body": "Too many error in the system, see attached data",
"attachments": {
"attached_data": {
"data": {
"format": "json"
}
}
},
"priority": "high"
}
},
"notify_pager": {
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 5
}
}
},
"webhook": {
"method": "POST",
"host": "pager.service.domain",
"port": 1234,
"path": "/{{watch_id}}",
"body": "Encountered {{ctx.payload.hits.total}} errors"
}
}
},
)
print(resp)
const response = await client.watcher.putWatch({
id: "log_event_watch",
trigger: {
schedule: {
interval: "5m",
},
},
input: {
search: {
request: {
indices: "log-events",
body: {
size: 0,
query: {
match: {
status: "error",
},
},
},
},
},
},
condition: {
compare: {
"ctx.payload.hits.total": {
gt: 0,
},
},
},
actions: {
email_administrator: {
email: {
to: "[email protected]",
subject: "Encountered {{ctx.payload.hits.total}} errors",
body: "Too many error in the system, see attached data",
attachments: {
attached_data: {
data: {
format: "json",
},
},
},
priority: "high",
},
},
notify_pager: {
condition: {
compare: {
"ctx.payload.hits.total": {
gt: 5,
},
},
},
webhook: {
method: "POST",
host: "pager.service.domain",
port: 1234,
path: "/{{watch_id}}",
body: "Encountered {{ctx.payload.hits.total}} errors",
},
},
},
});
console.log(response);
PUT _watcher/watch/log_event_watch
{
"trigger" : {
"schedule" : { "interval" : "5m" }
},
"input" : {
"search" : {
"request" : {
"indices" : "log-events",
"body" : {
"size" : 0,
"query" : { "match" : { "status" : "error" } }
}
}
}
},
"condition" : {
"compare" : { "ctx.payload.hits.total" : { "gt" : 0 } }
},
"actions" : {
"email_administrator" : {
"email" : {
"to" : "[email protected]",
"subject" : "Encountered {{ctx.payload.hits.total}} errors",
"body" : "Too many error in the system, see attached data",
"attachments" : {
"attached_data" : {
"data" : {
"format" : "json"
}
}
},
"priority" : "high"
}
},
"notify_pager" : {
"condition": {
"compare" : { "ctx.payload.hits.total" : { "gt" : 5 } }
},
"webhook" : {
"method" : "POST",
"host" : "pager.service.domain",
"port" : 1234,
"path" : "/{{watch_id}}",
"body" : "Encountered {{ctx.payload.hits.total}} errors"
}
}
}
}