Table Of Contents
- Purpose
- How to use
Purpose
This guide explains how to trigger an action for any error caused by executing an incoming or route configuration.
How to use
1. Replace CUSTOMER_INDICE_NAME with the actual name of the indices, e.g. alumio-uat.
2. Set up the interval you want the script to run with. The default is 5 minutes.
   a. You have to change this in two places: line 4 of the script (the trigger "interval") and line 28 (the "gte" value "now-5m" of the @timestamp range).
3. Configure the desired action.
   a. It could be a message to Teams;
   b. It could be a message to Slack;
   c. An email;
   d. Anything with a communication protocol.
4. Go to the correct Elastic/Kibana instance and add the script as an 'advanced' watcher.
   a. Open Kibana.
   b. Navigate to Management → Stack Management.
   c. Using the on-page navigation, go to Alerts and Insights → Watcher.
   d. Press Create and then Create advanced watcher.
```json
{
  "trigger": {
    "schedule": {
      "interval": "5m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "CUSTOMER_INDICE_NAME-filebeat-*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 500,
          "query": {
            "bool": {
              "must": [
                {
                  "match": {
                    "@fields.level": "400"
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-5m",
                      "lt": "now"
                    }
                  }
                },
                {
                  "exists": {
                    "field": "@fields.scope.incoming_id"
                  }
                }
              ],
              "must_not": [
                {
                  "term": {
                    "@message": "Exception in incoming process"
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 1
      }
    }
  },
  "actions": {
    "log_hits": {
      "foreach": "ctx.payload.hits.hits",
      "max_iterations": 500,
      "logging": {
        "level": "info",
        "text": "ERROR | {{ctx.payload._source.@message}} | {{ctx.payload._source.@fields.scope.incoming_id}} | {{ctx.payload._source.@fields.scope.route_id}}"
      }
    }
  }
}
```
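As an added example (not part of this guide, nor code from the Alumio or Elastic projects), the Python below builds the watch body above from the two values the steps ask you to edit, checks that the schedule interval and the @timestamp window still agree, previews the log line the foreach action emits for each hit, and shows the REST call that the Kibana "advanced watcher" form makes on your behalf. The optional webhook action named notify_chat, the placeholder webhook URL, and the reading of level 400 as Monolog's ERROR level are assumptions; the sample hits are constructed.

```python
import json
from typing import Any, Dict, List, Optional, Tuple

# Mustache template copied from the guide's logging action; Watcher renders it per hit.
LOG_TEXT = (
    "ERROR | {{ctx.payload._source.@message}} | "
    "{{ctx.payload._source.@fields.scope.incoming_id}} | "
    "{{ctx.payload._source.@fields.scope.route_id}}"
)


def build_watch(index_prefix: str, interval_minutes: int,
                webhook_url: Optional[str] = None) -> Dict[str, Any]:
    """Return the guide's watch body with the schedule interval and the
    @timestamp window derived from one value, so the two cannot drift apart."""
    window = f"{interval_minutes}m"
    watch: Dict[str, Any] = {
        "trigger": {"schedule": {"interval": window}},
        "input": {"search": {"request": {
            "search_type": "query_then_fetch",
            "indices": [f"{index_prefix}-filebeat-*"],
            "rest_total_hits_as_int": True,
            "body": {"size": 500, "query": {"bool": {
                "must": [
                    # level 400 is assumed to be Monolog's ERROR level
                    {"match": {"@fields.level": "400"}},
                    {"range": {"@timestamp": {"gte": f"now-{window}", "lt": "now"}}},
                    {"exists": {"field": "@fields.scope.incoming_id"}},
                ],
                "must_not": [{"term": {"@message": "Exception in incoming process"}}],
            }}},
        }}},
        "condition": {"compare": {"ctx.payload.hits.total": {"gte": 1}}},
        "actions": {"log_hits": {
            "foreach": "ctx.payload.hits.hits",
            "max_iterations": 500,
            "logging": {"level": "info", "text": LOG_TEXT},
        }},
    }
    if webhook_url:
        # Hypothetical chat notification (Slack/Teams style): Watcher's webhook
        # action POSTs the rendered text to an incoming-webhook URL (placeholder).
        watch["actions"]["notify_chat"] = {
            "foreach": "ctx.payload.hits.hits",
            "max_iterations": 500,
            "webhook": {
                "method": "POST",
                "url": webhook_url,
                "headers": {"Content-Type": "application/json"},
                "body": json.dumps({"text": LOG_TEXT}),
            },
        }
    return watch


def window_matches_interval(watch: Dict[str, Any]) -> bool:
    """The guide has you edit the interval in two places (lines 4 and 28). A window
    shorter than the interval misses errors; a longer one alerts on them twice."""
    interval = watch["trigger"]["schedule"]["interval"]
    must = watch["input"]["search"]["request"]["body"]["query"]["bool"]["must"]
    gte = next(c["range"]["@timestamp"]["gte"] for c in must if "range" in c)
    return gte == f"now-{interval}"


def render_log_lines(hits: List[Dict[str, Any]]) -> List[str]:
    """Preview what the foreach logging action emits per hit. Simplified stand-in
    for Watcher's Mustache rendering: a missing field renders as an empty string."""
    lines = []
    for hit in hits:
        src = hit.get("_source", {})
        scope = src.get("@fields", {}).get("scope", {})
        lines.append("ERROR | {} | {} | {}".format(
            src.get("@message", ""), scope.get("incoming_id", ""), scope.get("route_id", "")))
    return lines


def put_watch_request(watch_id: str, watch: Dict[str, Any]) -> Tuple[str, str, str]:
    """Method, path and body for saving the watch via the Watcher REST API,
    which is what the Kibana 'Create advanced watcher' form does for you."""
    return "PUT", f"_watcher/watch/{watch_id}", json.dumps(watch, indent=2)


# Constructed sample hits shaped like the @fields.scope documents the query targets.
SAMPLE_HITS = [
    {"_source": {"@message": "Transformer failed on entity 42",
                 "@fields": {"level": 400, "scope": {"incoming_id": "incoming-1",
                                                      "route_id": "route-7"}}}},
    {"_source": {"@message": "Missing route_id in scope",
                 "@fields": {"level": 400, "scope": {"incoming_id": "incoming-2"}}}},
]

if __name__ == "__main__":
    watch = build_watch("alumio-uat", 5)
    assert window_matches_interval(watch)
    method, path, body = put_watch_request("alumio-uat-errors", watch)
    print(method, path)
    print(body)
    for line in render_log_lines(SAMPLE_HITS):
        print(line)
```

Two caveats when adapting the guide's query: a term query is an exact, unanalyzed match, so the must_not clause only excludes "Exception in incoming process" if @message is mapped as a keyword field (for a text field, use match_phrase instead); and size together with max_iterations caps the run at 500 hits, so an error burst larger than that is logged only partially.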