Email alert from ElastAlert not firing on an average aggregation query

Problem description

I have an Elasticsearch DSL query that returns the average response time of this API over the last 15 minutes.

My goal is to trigger an email when the API's average response time is > 5 seconds.

In the query response below I get an average of 5.32. But with the same configuration in the ElastAlert rule, no alert is generated.

DSL query

{
   "aggs":{
      "processFilter":{
         "filter":{
            "bool":{
               "should":[
                  {
                     "bool":{
                        "must":[
                           {
                              "match":{
                                 "doc.processName":"CreateCustomer"
                              }
                           },{
                              "match":{
                                 "doc.messageType":"SourceResponse"
                              }
                           },{
                              "range":{
                                 "@timestamp":{
                                    "gte":"Now-30m/m","lte":"Now/m"
                                 }
                              }
                           }
                        ]
                     }
                  }
               ]
            }
         },"aggs":{
            "avg_et":{
               "avg":{
                  "field":"elapsed_time"
               }
            }
         }
      }
   }
}

Response:

"aggregations" : {
    "processFilter" : {
      "Meta" : { },
      "doc_count" : 5,
      "avg_et" : {
        "value" : 5.3289999008178714
      }
    }
  }
}

Rules.yaml

es_host: 100.10.10.100
es_port: 9200
es_username: elastic
es_password: elastic
name: Average ResponseTime
type: metric_aggregation
index: logstashlogs-*
bucket_interval:
  minutes: 15
metric_agg_key: elapsed_time
metric_agg_type: avg
doc_type: _doc
max_threshold: 5
filter:
  - term:
      doc.processName: CreateCustomer
  - term:
      doc.messageType: SourceResponse

alert:
  - email
email:
  - [email protected]
alert_subject: Avg response lapsed
alert_text: |
  Testing for average response time.
alert_text_type: alert_text_only
smtp_host: 100.100.10.10
smtp_port: 25
smtp_ssl: false
from_addr: [email protected]
smtp_auth_file: smtp_auth_file.yaml

ElastAlert output

1 rules loaded
INFO:elastalert:Starting up
INFO:elastalert:disabled rules are: []
INFO:elastalert:Sleeping for 59.999888 seconds
INFO:elastalert:Ran Average ResponseTime from 2020-10-21 11:42 UTC to 2020-10-21 11:57 UTC: 0 query hits (0 already seen),0 matches,0 alerts sent
INFO:elastalert:Background configuration change check run at 2020-10-21 11:58 UTC
INFO:elastalert:Background alerts thread 0 pending alerts sent at 2020-10-21 11:58 UTC
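As an added, runnable check (not code from the question and not ElastAlert's own code): the script below reproduces the two things a metric_aggregation rule does, building the filtered aggregation query from the rule's YAML and comparing the returned average with max_threshold, so that each step can be tested on its own. The bool/filter nesting, the aggregation name elapsed_time_avg and the @timestamp default are assumptions about how ElastAlert builds its request, and the aggregation response is constructed to carry the 5.3289999 value quoted above. It also makes one difference visible: the rule's filter uses term clauses where the hand-written DSL query uses match clauses, and a term clause is an exact comparison against the indexed token while match analyses the input first, so on an analysed text field the two can select different documents. Running both bodies against logstashlogs-* shows whether that is what the "0 query hits" line reflects.

```python
import json

# Settings copied from the Rules.yaml in the question.
RULE = {
    "metric_agg_key": "elapsed_time",
    "metric_agg_type": "avg",
    "max_threshold": 5,
    "timestamp_field": "@timestamp",  # ElastAlert's default; the rule does not override it
    "filter": [
        {"term": {"doc.processName": "CreateCustomer"}},
        {"term": {"doc.messageType": "SourceResponse"}},
    ],
}

# The filter part of the hand-written DSL query from the question (match clauses).
PAGE_DSL_FILTER = {"bool": {"should": [{"bool": {"must": [
    {"match": {"doc.processName": "CreateCustomer"}},
    {"match": {"doc.messageType": "SourceResponse"}},
    {"range": {"@timestamp": {"gte": "now-30m/m", "lte": "now/m"}}},
]}}]}}

# Constructed aggregation response carrying the value quoted in the question.
SAMPLE_RESPONSE = {"aggregations": {"elapsed_time_avg": {"value": 5.3289999008178714}}}


def build_rule_query(rule, start="now-15m/m", end="now/m"):
    """Approximation (assumption, not ElastAlert source) of the body a
    metric_aggregation rule sends: the YAML filter list is forwarded
    unchanged as bool/filter clauses, a range on the timestamp field bounds
    the run window, and one aggregation named
    <metric_agg_key>_<metric_agg_type> computes the metric."""
    agg_name = f"{rule['metric_agg_key']}_{rule['metric_agg_type']}"
    clauses = list(rule["filter"]) + [
        {"range": {rule["timestamp_field"]: {"gte": start, "lt": end}}}
    ]
    return {
        "size": 0,
        "query": {"bool": {"filter": clauses}},
        "aggs": {agg_name: {rule["metric_agg_type"]: {"field": rule["metric_agg_key"]}}},
    }


def field_clauses(node):
    """Walk a query body and collect every (clause_type, field, value) leaf
    for term/match clauses, however deeply the bool wrappers nest."""
    found = []
    if isinstance(node, dict):
        for key, val in node.items():
            if key in ("term", "match") and isinstance(val, dict):
                for field, value in val.items():
                    # term/match accept a bare value or {"value"/"query": ...}
                    if isinstance(value, dict):
                        value = value.get("value", value.get("query"))
                    found.append((key, field, value))
            else:
                found.extend(field_clauses(val))
    elif isinstance(node, list):
        for item in node:
            found.extend(field_clauses(item))
    return found


def clause_type_mismatches(query_a, query_b):
    """Fields that both queries constrain to the same value but with different
    clause types, as (field, type_in_a, type_in_b), sorted by field."""
    types_a = {(f, v): t for t, f, v in field_clauses(query_a)}
    types_b = {(f, v): t for t, f, v in field_clauses(query_b)}
    return sorted(
        (f, types_a[(f, v)], types_b[(f, v)])
        for (f, v) in types_a.keys() & types_b.keys()
        if types_a[(f, v)] != types_b[(f, v)]
    )


def evaluate_threshold(rule, response):
    """Apply the rule's max_threshold to the aggregation result and return
    (value, fired). An empty bucket (value None) never fires."""
    agg_name = f"{rule['metric_agg_key']}_{rule['metric_agg_type']}"
    value = response["aggregations"][agg_name]["value"]
    if value is None:
        return None, False
    return value, value > rule["max_threshold"]


if __name__ == "__main__":
    print(json.dumps(build_rule_query(RULE), indent=2))
    print(clause_type_mismatches(build_rule_query(RULE), PAGE_DSL_FILTER))
    print(evaluate_threshold(RULE, SAMPLE_RESPONSE))
```

Paste the printed body into the same console you used for the DSL query and compare doc_count and the aggregation value with the response above; if the term version returns no documents while the match version returns five, the filter in the rule, not the threshold, is what to adjust.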
