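Problem description
I have configured a simple Kibana Watcher that sends an email if the number of errors logged on an index exceeds 100 per hour.
However, I noticed that the number of errors it returns does not match the number of errors returned in the Discover pane when using the filter "level:ERROR".
Has anyone experienced something similar?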
Watcher:
```
{
  "trigger": {
    "schedule": {
      "interval": "1h"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "myindex-*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "query": "ERROR"
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-1h"
                    }
                  }
                }
              ]
            }
          },
          "_source": [
            "level"
          ]
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 100
      }
    }
  },
  "actions": {
    "email_action": {
      "email": {
        "profile": "standard",
        "to": [
          "[email protected]"
        ],
        "subject": "Kibana Watcher: Errors count over threshold (hourly)",
        "body": {
          "text": "Encountered {{ctx.payload.hits.total}} log errors in the last hour"
        }
      }
    }
  }
}
```
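Added example, not part of the original post: in the watch above, `query_string` with the bare term `ERROR` is not tied to a field, so it is matched against the index's default search fields (all fields unless `index.query.default_field` is set), whereas the Discover filter `level:ERROR` only looks at `level`. The `input` below is one way to count what that filter counts; it assumes `level` is indexed so that `level:ERROR` matches, and it pins the window to the watch's scheduled trigger time so the total can be compared with a fixed one-hour range in Discover.

```json
{
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "myindex-*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                {
                  "query_string": {
                    "query": "level:ERROR"
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "{{ctx.trigger.scheduled_time}}||-1h",
                      "lte": "{{ctx.trigger.scheduled_time}}"
                    }
                  }
                }
              ]
            }
          }
        }
      }
    }
  }
}
```

With `"size": 0` the response carries only the hit total, which is all the `compare` condition and the email body read.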