向 Elastic Cloud Watcher 添加 Curl 查询

问题描述 投票:0回答:1

我想在 Elastic Cloud 中创建以下警报:

  • 如果未分配的分片数量超过“x”值,则发出警报。

根据 elastic-cloud 文档,我们可以使用以下查询来检查未分配的分片:

GET _cat/shards?v=true&h=index,shard,prirep,state,node,unassigned.reason&s=state

这个查询可以使用弹性观察器来实现吗? 我尝试使用以下代码来实现。我无法弄清楚条件部分:

{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "http": {
      "request": {
        "scheme": "https",
        "host": "some-host",
        "port": 9243,
        "method": "get",
        "path": "/_cluster/stats",
        "params": {},
        "headers": {},
        "auth": {
          "basic": {
            "username": "user-name",
            "password": "some password"
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "def nodes = GET _cat/shards?v=true&h=index,shard,prirep,state,node,unassigned.reason&s=state {if (nodes > 300) {return true;}} return false;",
      "lang": "painless"
    }
  },
  "actions": {
    "send_email_alert": {
      "email": {
        "profile": "standard",
        "to": [
          "[email protected]"
        ],
        "subject": "Shard Alert",
        "body": {
          "text": "The number of shards per node exceeds 300. Please investigate."
        }
      }
    }
  }
}

我是弹性云新手,已经陷入僵局。

elasticsearch kibana elastic-stack elastic-cloud elasticsearch-watcher
1个回答
0
投票

您可以使用 

_cluster/health
API 调用来查看未分配的分片数量。如果需要,这里是所有可用的watcher HTTP 输入

您可以使用 

ctx
访问和使用任何输出的值。对于您的情况,我们可以使用 
ctx.payload.unassigned_shards

"condition": {
  "compare": {
    "ctx.payload.unassigned_shards": {
      "gt": 4
    }
  }
}

您可以找到有关 

ctx
以及观察者如何工作的更多信息?在以下链接中。 https://www.elastic.co/guide/en/elasticsearch/reference/current/how-watcher-works.html

这是完整的示例:

POST _watcher/watch/_execute
{
  "watch": {
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "http": {
      "request": {
        "scheme": "https",
        "host": "cluster-id",
        "port": 9243,
        "method": "get",
        "path": "/_cluster/health",
        "params": {},
        "headers": {},
        "auth": {
          "basic": {
            "username": "::es_redacted::",
            "password": "::es_redacted::"
          }
        }
      }
    }
  },
    "condition": {
      "compare": {
        "ctx.payload.unassigned_shards": {
          "gt": 4
        }
      }
    },
  "actions": {
    "send_email_alert": {
      "email": {
        "profile": "standard",
        "to": [
          "::es_redacted::"
        ],
        "subject": "Shard Alert",
        "body": {
          "text": "The number of unassigned shards is {{ctx.payload.unassigned_shards}} and it exceeded 3. "
        }
      }
    }
  }
  }
}

这是输出的电子邮件:

The number of unassigned shards is 5 exceeded 3.

重要提示: 在使用观察程序之前,请控制您的 

ES_URL
并确保您可以使用 
curl
命令看到预期的输出。例如。

musab@musab-mac Desktop % curl -k "https://your_cluster_name.es.us-east-2.aws.elastic-cloud.com:9243/_cluster/health?pretty" -u username:password
{
  "cluster_name" : "0ce67bce635a4b3882c580678b5cb4f5",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 2,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 720,
  "active_shards" : 720,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 5,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 99.3103448275862
}

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.