opendistro-for-elasticsearch / alerting

📟 Open Distro Alerting Plugin
https://opendistro.github.io/for-elasticsearch/features/alerting.html
Apache License 2.0

add action-foreach alerting #354

Closed w-HA closed 2 years ago

w-HA commented 3 years ago

Dears,

Does this function exist in the alerting module: https://www.elastic.co/guide/en/elasticsearch/reference/7.3/action-foreach.html

I think it's very interesting to do only 1 monitor with aggregations and only 1 action

My example:

```json
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
            "query": "status:3 AND type:0",
            "fields": [],
            "type": "best_fields",
            "default_operator": "or",
            "max_determinized_states": 10000,
            "enable_position_increments": true,
            "fuzziness": "AUTO",
            "fuzzy_prefix_length": 0,
            "fuzzy_max_expansions": 50,
            "phrase_slop": 0,
            "analyze_wildcard": true,
            "time_zone": "Europe/Paris",
            "escape": false,
            "auto_generate_synonyms_phrase_query": true,
            "fuzzy_transpositions": true,
            "boost": 1
          }
        }
      ],
      "filter": [
        {
          "range": {
            "confirm_or_cancel_date": {
              "from": "now-1h",
              "to": "now",
              "include_lower": true,
              "include_upper": true,
              "format": "strict_date_optional_time",
              "boost": 1
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  },
  "aggregations": {
    "compte": {
      "terms": {
        "field": "mct_id.keyword",
        "size": 10,
        "min_doc_count": 1,
        "shard_min_doc_count": 0,
        "show_term_doc_count_error": false,
        "order": [
          { "_count": "desc" },
          { "_key": "asc" }
        ]
      }
    }
  }
}
```

With trigger:

```painless
// Alert when any bucket of the "compte" terms aggregation has at least one hit.
for (int i = 0; i < ctx.results[0].aggregations.compte.buckets.size(); i++) {
  if (ctx.results[0].aggregations.compte.buckets[i].doc_count > 0) {
    return true;
  }
}
// No bucket matched: the trigger condition must explicitly return false.
return false;
```

and action email: `Monitor just entered alert status. Please investigate the issue.`

and result:

Monitor just entered alert status. Please investigate the issue.

I need to send one mail (or something else) per aggregation bucket (i).

Thanks a lot, Benoit
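The per-bucket fan-out asked for above, as an added example that is not part of the issue or of the Open Distro plugin: it applies the trigger's `doc_count > 0` check to each bucket of the `compte` terms aggregation and builds one notification per matching bucket, the way `action-foreach` would. The search response and the `MCT-*` keys are constructed sample data in the shape Elasticsearch returns for that aggregation.

```python
"""Added example (not from the original issue or the Open Distro project):
evaluate the monitor's trigger condition per aggregation bucket and build one
notification message per bucket instead of one generic message per monitor."""
import json

# Constructed sample response: two accounts (mct_id.keyword) matched
# "status:3 AND type:0" in the last hour. A zero-count bucket is included
# only to exercise the trigger's doc_count check; with min_doc_count=1 in the
# query Elasticsearch would not normally return it.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 7, "relation": "eq"}, "hits": []},
    "aggregations": {
        "compte": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
                {"key": "MCT-001", "doc_count": 5},
                {"key": "MCT-002", "doc_count": 2},
                {"key": "MCT-003", "doc_count": 0},
            ],
        }
    },
}

def triggered_buckets(response, agg_name="compte", min_docs=1):
    """Mirror of the issue's trigger condition, applied per bucket:
    return only the buckets whose doc_count reaches min_docs."""
    buckets = response.get("aggregations", {}).get(agg_name, {}).get("buckets", [])
    return [b for b in buckets if b.get("doc_count", 0) >= min_docs]

def build_messages(buckets, monitor_name="status3-type0"):
    """One message per bucket (the per-item fan-out action-foreach provides in
    Elastic Watcher). The bucket key is embedded so each mail identifies the
    affected mct_id rather than repeating the generic text from the issue."""
    return [
        {
            "subject": f"[{monitor_name}] alert for mct_id {b['key']}",
            "body": (f"Monitor {monitor_name} just entered alert status for "
                     f"mct_id {b['key']}: {b['doc_count']} matching document(s) "
                     "in the last hour. Please investigate the issue."),
        }
        for b in buckets
    ]

if __name__ == "__main__":
    for msg in build_messages(triggered_buckets(SAMPLE_RESPONSE)):
        print(json.dumps(msg, indent=2))
```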

qreshi commented 2 years ago

Closing in favor of https://github.com/opensearch-project/alerting/issues/92