KAAE Watcher Examples

KAAE HIT WATCHER EXAMPLE:

{
  "_index": "watcher",
  "_type": "watch",
  "_id": "new",
  "_source": {
    "trigger": {
      "schedule": {
        "later": "every 5 minutes"
      }
    },
    "input": {
      "search": {
        "request": {
          "indices": [
            "<mos-{now/d}>",
            "<mos-{now/d-1d}>"
          ],
          "body": {}
        }
      }
    },
    "condition": {
      "script": {
        "script": "payload.hits.total > 100"
      }
    },
    "transform": {},
    "actions": {
      "email_admin": {
        "throttle_period": "15m",
        "email": {
          "to": "alarm@localhost",
          "subject": "KaaE Alarm",
          "priority": "high",
          "body": "Found {{payload.hits.total}} Events"
        }
      },
      "slack_admin": {
        "throttle_period": "15m",
        "slack": {
          "channel": "#kaae",
          "message": "KaaE Alert! Found {{payload.hits.total}} Events"
        }
      }
    }
  }
}

KAAE AGGS WATCHER EXAMPLE:

{
  "_index": "watcher",
  "_type": "watch",
  "_id": "mos",
  "_score": 1,
  "_source": {
    "trigger": {
      "schedule": {
        "later": "every 5 minutes"
      }
    },
    "input": {
      "search": {
        "request": {
          "indices": [
            "<mos-{now/d}>",
            "<mos-{now/d-1d}>"
          ],
          "body": {
            "query": {
              "filtered": {
                "query": {
                  "query_string": {
                    "query": "mos:*",
                    "analyze_wildcard": true
                  }
                },
                "filter": {
                  "range": {
                    "@timestamp": {
                      "from": "now-5m"
                    }
                  }
                }
              }
            },
            "aggs": {
              "avg": {
                "avg": {
                  "field": "mos"
                }
              }
            }
          }
        }
      }
    },
    "condition": {
      "script": {
        "script": "payload.aggregations.avg.value < 3 && payload.aggregations.avg.value > 0"
      }
    },
    "transform": {
      "search": {
        "request": {
          "indices": [
            "<mos-{now/d}>",
            "<mos-{now/d-1d}>"
          ],
          "body": {
            "query": {
              "filtered": {
                "query_string": {
                  "query": "mos:*",
                  "analyze_wildcard": true
                }
              },
              "filter": {
                "range": {
                  "@timestamp": {
                    "from": "now-1h"
                  }
                }
              }
            }
          },
          "aggs": {
            "avg": {
              "avg": {
                "field": "mos"
              }
            }
          }
        }
      }
    },
    "actions": {
      "email_admin": {
        "throttle_period": "15m",
        "email": {
          "to": "alarm@localhost",
          "subject": "Low MOS Detected: {{payload.aggregations.avg.value}} ",
          "priority": "high",
          "body": "Low MOS Detected:\n {{payload.aggregations.avg.value}} with avg  {{payload.aggregations.count.value}}"
        }
      }
    }
  }
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

KAAE Watcher Examples

KAAE HIT WATCHER EXAMPLE:

KAAE AGGS WATCHER EXAMPLE:

KaaE Wiki

Clone this wiki locally