アクションに条件を追加（Adding conditions to actions）

ウォッチャーアクションへの条件の追加

ウォッチがトリガーされると、その条件がウォッチアクションを実行するかどうかを決定します。各アクション内でも、アクションごとに条件を追加できます。これらの追加条件により、単一のアラートがそれぞれの条件に応じて異なるアクションを実行できるようになります。以下のウォッチは、入力検索からヒットが見つかった場合には常にメールを送信しますが、検索結果に5件以上のヒットがある場合にのみnotify_pagerアクションをトリガーします。

Python

resp = client.watcher.put_watch(
   id="log_event_watch",
   trigger={
   "schedule": {
   "interval": "5m"
   }
   },
   input={
   "search": {
   "request": {
   "indices": "log-events",
   "body": {
   "size": 0,
   "query": {
   "match": {
   "status": "error"
   }
   }
   }
   }
   }
   },
   condition={
   "compare": {
   "ctx.payload.hits.total": {
   "gt": 0
   }
   }
   },
   actions={
   "email_administrator": {
   "email": {
   "to": "[email protected]",
   "subject": "Encountered {{ctx.payload.hits.total}} errors",
   "body": "Too many error in the system, see attached data",
   "attachments": {
   "attached_data": {
   "data": {
   "format": "json"
   }
   }
   },
   "priority": "high"
   }
   },
   "notify_pager": {
   "condition": {
   "compare": {
   "ctx.payload.hits.total": {
   "gt": 5
   }
   }
   },
   "webhook": {
   "method": "POST",
   "host": "pager.service.domain",
   "port": 1234,
   "path": "/{{watch_id}}",
   "body": "Encountered {{ctx.payload.hits.total}} errors"
   }
   }
   },
)
print(resp)

Js

const response = await client.watcher.putWatch({
  id: "log_event_watch",
  trigger: {
   schedule: {
   interval: "5m",
   },
  },
  input: {
   search: {
   request: {
   indices: "log-events",
   body: {
   size: 0,
   query: {
   match: {
   status: "error",
   },
   },
   },
   },
   },
  },
  condition: {
   compare: {
   "ctx.payload.hits.total": {
   gt: 0,
   },
   },
  },
  actions: {
   email_administrator: {
   email: {
   to: "[email protected]",
   subject: "Encountered {{ctx.payload.hits.total}} errors",
   body: "Too many error in the system, see attached data",
   attachments: {
   attached_data: {
   data: {
   format: "json",
   },
   },
   },
   priority: "high",
   },
   },
   notify_pager: {
   condition: {
   compare: {
   "ctx.payload.hits.total": {
   gt: 5,
   },
   },
   },
   webhook: {
   method: "POST",
   host: "pager.service.domain",
   port: 1234,
   path: "/{{watch_id}}",
   body: "Encountered {{ctx.payload.hits.total}} errors",
   },
   },
  },
});
console.log(response);

コンソール

PUT _watcher/watch/log_event_watch
{
  "trigger" : {
   "schedule" : { "interval" : "5m" }
  },
  "input" : {
   "search" : {
   "request" : {
   "indices" : "log-events",
   "body" : {
   "size" : 0,
   "query" : { "match" : { "status" : "error" } }
   }
   }
   }
  },
  "condition" : {
   "compare" : { "ctx.payload.hits.total" : { "gt" : 0 } }
  },
  "actions" : {
   "email_administrator" : {
   "email" : {
   "to" : "[email protected]",
   "subject" : "Encountered {{ctx.payload.hits.total}} errors",
   "body" : "Too many error in the system, see attached data",
   "attachments" : {
   "attached_data" : {
   "data" : {
   "format" : "json"
   }
   }
   },
   "priority" : "high"
   }
   },
   "notify_pager" : {
   "condition": {
   "compare" : { "ctx.payload.hits.total" : { "gt" : 5 } }
   },
   "webhook" : {
   "method" : "POST",
   "host" : "pager.service.domain",
   "port" : 1234,
   "path" : "/{{watch_id}}",
   "body" : "Encountered {{ctx.payload.hits.total}} errors"
   }
   }
  }
}