This repository was archived by the owner on Jan 10, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
/
Copy pathwatch.json
77 lines (77 loc) · 1.73 KB
/
watch.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
{
"metadata": {
"bucket_interval": "5m",
"time_period": "8h",
"query_string": "elasticsearch"
},
"trigger": {
"schedule": {
"interval": "5m"
}
},
"input": {
"search": {
"request": {
"indices": "twitter*",
"body": {
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "text: {{ctx.metadata.query_string}}",
"analyze_wildcard": true
}
}
],
"filter": {
"range": {
"@timestamp": {
"gte": "now-{{ctx.metadata.time_period}}",
"format": "epoch_millis"
}
}
}
}
},
"size": 0,
"aggs": {
"date_buckets": {
"date_histogram": {
"field": "@timestamp",
"fixed_interval": "{{ctx.metadata.bucket_interval}}",
"min_doc_count": 0
}
},
"percentiles": {
"percentiles_bucket": {
"buckets_path": "date_buckets._count",
"percents": [
90.0
]
}
},
"stats": {
"extended_stats_bucket": {
"buckets_path": "date_buckets._count"
}
}
}
}
}
}
},
"throttle_period": "15m",
"condition": {
"script": {
"id": "condition"
}
},
"actions": {
"log": {
"logging": {
"text": "{{ctx.metadata.query_string}} is getting attention!"
}
}
}
}