- elasticsearch/
elasticsearch 在Kibana的watcher中,在哪里放置要搜索的字符串
elasticsearch 在Kibana的watcher中,在哪里放置要搜索的字符串
我是新来基巴纳的 我可能犯了一些基本的错误 我试图在每10分钟搜索日志文件中的一个字符串,并希望就此向人们发送电子邮件 我尝试过创建一个观察者:
{
"trigger": {
"schedule": {
"interval": "10m"
}
},
"input": {
"search": {
"request": {
"body": {
"size": 0,
"query": {
"match_all": {}
}
},
"indices": [
"*"
]
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gte": 10
}
}
},
"actions": {
"my-logging-action": {
"logging": {
"text": "There are {{ctx.payload.hits.total}} documents in your index. Threshold is 10."
}
}
}
}
在哪里可以放置要搜索的字符串?假设我想搜索一个字符串,这里的系统崩溃了。而不是
匹配\u all消息"match" : {
"message" : "The system here is crashed."
}
在代码中,您需要将操作类型更改为mail。您还需要在其中使用查询和匹配。 转到DevTools并创建一个观察者。代码如下所示 POST/_Watcher/watch/{watch id}/
{
"trigger": {
"schedule": {
"interval": "5m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"match": {
"field_name": "The system here is crashed."
}
}
}
}
} },
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 1
}
}
},
"actions": {
"email_administrator": {
"email": {
"profile": "standard",
"attachments": {
"attached_data": {
"data": {
"format": "json"
}
}
},
"priority": "high",
"to": [
"destination.mail.id@mail.com"
],
"subject": "Mail Subject",
"body":"Mail Body"
}
}
}
}