elasticsearchelastic-stackelasticsearch-5elasticsearch-painlesselasticsearch-watcher
how to send email alert to groups based on condition success in kibana watcher action
I am able to categorize various error like this ---
But i want to send email to groups based on error message.
Something like ---
when error ie "key"= "Response status code does not indicate success Service Unavailable" ---send email to group 1 [[email protected],[email protected],[email protected]]
when error ie "key"= "Response status code does not indicate success Gateway" ---send email to group 2 [[email protected],[email protected],[email protected]]
I have done upto this much ---
"actions": {
"send_email": {
"throttle_period_in_millis": 300000,
"condition": {
"script": {
"source": " def status = false; for(int i=0; i<ctx.payload.failure_request.aggregations.categories.buckets.length;i++) {if(ctx.payload.failure_request.aggregations.categories.buckets[i].key.contains('Response status code does not indicate success')) {status = true}} return status ",
"lang": "painless"
}
},
"email": {
"profile": "standard",
"to": [
"[email protected]"
],
"subject": "{{ctx.metadata.email_subject}}",
"body": {
"html": "Error Found: <ul> {{ctx.payload.aggregations.categories.buckets.length}}"
}
}
}
}
Even Email is going to the given email when condition is pass ie when key contains that message. But I want to send email based on message match for specific group at one go.
can any one help me on this if we have something in painless language to write logic like case statement.
Appreciate your help in advance.
Solution
These is my advice, I hope that can help you.
solution one: match with a string
"actions": {
"email_group_one" : {
"condition": {
"script": {
"source": "def status = ctx.payload.failure_request.aggregations.categories.buckets; if (status.size() == 0) return false; return hosts.stream().anyMatch(p -> p.key == 'Response status code does not indicate success Service Unavailable');"
"lang": "painless"
}
},
"email" : {
"to" : ["[email protected]","[email protected]","[email protected]"],
"subject" : "YOUR SUBJEC",
"body" : {
"html": "YOUR HTML CODE"
}
}
},
"email_group_two" : {
"condition": {
"script": {
"source": "def status = ctx.payload.failure_request.aggregations.categories.buckets; if (status.size() == 0) return false; return hosts.stream().anyMatch(p -> p.key == 'Response status code does not indicate success Gateway');"
"lang": "painless"
}
},
"email" : {
"to" : ["[email protected]","[email protected]","[email protected]"],
"subject" : "YOUR SUBJECT",
"body" : {
"html": "YOUR HTML CODE"
}
}
}
}
solution two: match with multiple values like a,b,c and d
"actions": {
"email_group_one" : {
"condition": {
"script": {
"source": "def myArray= ['a', 'b', 'c', 'd'];def status = ctx.payload.failure_request.aggregations.categories.buckets; if (status.size() == 0) return false; return hosts.stream().anyMatch(p -> p.key in myArray);"
"lang": "painless"
}
},
"email" : {
"to" : ["[email protected]","[email protected]","[email protected]"],
"subject" : "YOUR SUBJEC",
"body" : {
"html": "YOUR HTML CODE"
}
}
},
"email_group_two" : {
"condition": {
"script": {
"source": "def myArray= ['e', 'f', 'g', 'h'];def status = ctx.payload.failure_request.aggregations.categories.buckets; if (status.size() == 0) return false; return hosts.stream().anyMatch(p -> p.key in myArray);"
"lang": "painless"
}
},
"email" : {
"to" : ["[email protected]","[email protected]","[email protected]"],
"subject" : "YOUR SUBJECT",
"body" : {
"html": "YOUR HTML CODE"
}
}
}
}
the code has not been tested, you may have syntax errors.
- fluentd with OpenSearch - where does the @timestamp field come from?
- Storing and managing Forex trading tick data
- mongodb fulltext searching strategy
- Is it possible to use elasticsearch synonyms dynamically?
- Elasticsearch showing received plaintext http traffic on an https channel in console
- Wildcard/regexp query with asterix chacter
- How to Count Unique Assets with Specific Severity in Elasticsearch?
- Am I correct that Elasticsearch simple_query_string does not support wildcards, but only prefix queries?
- ElasticSearch text array length
- Elasticsearch Nested Aggregations with Spring data elasticsearch 5.2
- How to check that all shards are moved from a specific elasticsearch node?
- How do to an Elasticsearch ESQL Distinct Query?
- How can I add a field to existing mapping with values in other fields?
- Elastic Search sort documents with same score using another field value
- OpenSearch with Spring Boot - Displaying docuemnts by number of keywors
- How to one value come first during sort on that field Elastic Search
- Retrieve selected fields from a search
- Logstash main class JvmOptionsParser not found / cannot load
- What is the difference between standard and language analyzer in Elasticsearch?
- How can I count all the occurrences within my date_histogram?
- Reliable .NET API for Elastic Search
- Not working fuzzy logic when use the fuzzines.auto elasticsearch
- Yellow health status on elastic causing kibana to fail at launch?
- How to Enable Logging in Rails Application with OpenSearch and Searchkick Integration?
- ElasticSearch - Unable To Search Using Fuzzy Match Query For Underscore in value (ES Fuzzy not matching underscore value)
- registering a custom analyzer and using it in a template
- Elasticsearch implement off-the-shelf language analyser but use custom tokeniser
- KQL query Count and Limit Matching Documents in Time Frame
- Elasticsearch aggregation name syntax documented somewhere?
- Kibana error: Unable to retrieve version information from Elasticsearch nodes. socket hang up