elastic / examples

Home for Elasticsearch examples available to everyone. It's a great way to get started.
Apache License 2.0

update watcher examples for 7.x #333

Closed DanRoscigno closed 4 years ago

DanRoscigno commented 4 years ago

@gingerwizard if this gets merged the watches will no longer work for 5.x as I fixed all of the deprecation warnings. Also, can you have a look at the changes I made to run_test.py related to ingest pipelines? The test passes, but I am not clear on what the pipeline is doing. There were significant changes made to the Python libs.

DanRoscigno commented 4 years ago

Merging as the examples are out of date and people are being referred to them. I will set up some time when we are all back at work to review. These all pass the tests:

./run_all_tests.sh script_user dansbankaccountnumber 234c42bce17e4c55a2c596854081e2c3.us-central1.gcp.cloud.es.io:9243 https

Running test cpu_iowait_hosts/tests/test1.json
Expected: Watch Condition: True
Received: Watch Condition: True
Expected: The following hosts iowait cpu usage has increased dramatically over the last 2m: serverA:6.25% iowait change:
Received: The following hosts iowait cpu usage has increased dramatically over the last 2m: serverA:6.25% iowait change:
TEST PASS
--------------------------------------------------
Running test errors_in_logs/tests/test1.json
Expected: Watch Condition: True
Received: Watch Condition: True
Expected: 3 Errors have occured in the logs:4:1:3:
Received: 3 Errors have occured in the logs:4:1:3:
TEST PASS
--------------------------------------------------
Running test filesystem_usage/tests/test1.json
Expected: Watch Condition: True
Received: Watch Condition: True
Expected: Some hosts are over 90% utilized:99%-test_server1:95%-test_server4:
Received: Some hosts are over 90% utilized:99%-test_server1:95%-test_server4:
TEST PASS
--------------------------------------------------
Running test lateral_movement_in_user_comm/tests/test1.json
Expected: Watch Condition: True
Received: Watch Condition: True
Expected: The following users have logged onto a new server for the first time within the time period: userA on server serverA:userB on server serverA:
Received: The following users have logged onto a new server for the first time within the time period: userA on server serverA:userB on server serverA:
TEST PASS
--------------------------------------------------
Running test monitoring_cluster_health/tests/test1.json
Expected: Watch Condition: True
Received: Watch Condition: True
Expected: Clusters that have not NOT been green for more than 60s: Cluster-B-red:
Received: Clusters that have not NOT been green for more than 60s: Cluster-B-red:
TEST PASS
--------------------------------------------------
Running test monitoring_free_disk_space/tests/test1.json
Expected: Watch Condition: True
Received: Watch Condition: True
Expected: Available space on Filesystem is below recommended ratio of 0.5 for following nodes: For node test_node_a: 16gb of 232gb is available:For node test_node_c: 13gb of 186gb is available:
Received: Available space on Filesystem is below recommended ratio of 0.5 for following nodes: For node test_node_a: 16gb of 232gb is available:For node test_node_c: 13gb of 186gb is available:
TEST PASS
--------------------------------------------------
Running test new_process_started/tests/test1.json
Expected: Watch Condition: True
Received: Watch Condition: True
Expected: Processes started:processB_serverB:processC_serverA:
Received: Processes started:processB_serverB:processC_serverA:
TEST PASS
--------------------------------------------------
Running test port_scan/tests/test1.json
Expected: Watch Condition: True
Received: Watch Condition: True
Expected: Port scan detected:hostA to hostB:
Received: Port scan detected:hostA to hostB:
TEST PASS
--------------------------------------------------
Running test system_fails_to_provide_data/tests/test1.json
Expected: Watch Condition: True
Received: Watch Condition: True
Expected: Systems not responding in the last 5m minutes:serverB:
Received: Systems not responding in the last 5m minutes:serverB:
TEST PASS
--------------------------------------------------
Running test twitter_trends/tests/test1.json
Expected: Watch Condition: True
Received: Watch Condition: True
Expected: elasticsearch is getting attention!
Received: elasticsearch is getting attention!
TEST PASS
--------------------------------------------------
Running test unexpected_account_activity/tests/test1.json
Expected: Watch Condition: True
Received: Watch Condition: True
Expected: Users added and removed in the last 5m:testUserB:
Received: Users added and removed in the last 5m:testUserB:
TEST PASS
--------------------------------------------------
11 tests run: 11 passed. 0 failed.

ypid-geberit commented 4 years ago

👍 for your work as the tests were broken for ES 7. I will take a closer look at it.

As a matter of fact, I already worked on ES 7 support in #239. Would you be interested in checking this PR out? For the last years I felt like no one cares about Watch testing. In case someone cares I will rebase onto your changes (master).

DanRoscigno commented 4 years ago

@ypid-geberit Hi Robin, I will take a look. I am on vacation for a couple of weeks, but I added it to my calendar for when I get back. I understand your frustration; I will try to look in this repo once in a while and help out with merging PRs. I wish I had seen yours when I started working on my updates; from a quick look it looks like you had already figured many things out!