
Alert on ES field value? #184

Open
ceeeekay opened this issue May 14, 2018 · 2 comments

Comments

@ceeeekay

Is it possible to alert based on the value in a field?

I'm using a max aggregation which always returns exactly one result, but it's the value of the field that I'm interested in. I don't see any way to do this.

Possible feature request?

Cheers.

@kiwiz
Contributor

kiwiz commented Jul 31, 2018

Hi. Could you provide a concrete example of what you'd like to accomplish?

@ceeeekay
Author

ceeeekay commented Aug 3, 2018

@kiwiz Using the following ES agg as an example, I'd like to set up a 411 alert to trigger if the result of the aggregation is over a certain value, e.g.,

```json
{
  "aggs": {
    "1": {
      "max": {
        "field": "latency.total"
      }
    }
  }
}
```

I'm trying to reproduce this in 411 like so:

```
type:latency test | agg:max field:latency.total
```

This query always returns a single result (as expected), but it's the value of the result I'm interested in, i.e., if max agg of latency.total > 60 then alert.

I don't see any way to do this with the result type options that 411 presents.

Thanks :)
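The check described in this thread (alert when the max aggregation over `latency.total` exceeds 60), written out as a stand-alone added example rather than anything from 411 itself. It assumes Elasticsearch's response shape for a max aggregation (`aggregations.<name>.value`, which is null when no documents match), maps the `type:latency test` filter onto a `query_string` query, and uses constructed sample responses in place of a live cluster.

```python
import json

# Constructed sample response for the max aggregation in the post
# (the shape is Elasticsearch's; the value itself is made up here).
SAMPLE_RESPONSE = {
    "aggregations": {"1": {"value": 72.5}},
}

# When no documents match, ES reports the max as null rather than omitting it.
EMPTY_RESPONSE = {
    "aggregations": {"1": {"value": None}},
}


def build_max_agg_query(field, query_string, agg_name="1"):
    """Build the search body from the post: a max agg over `field`, filtered
    by a query_string standing in for 411's `type:latency test` filter
    (that mapping is an assumption, not 411's implementation)."""
    return {
        "size": 0,  # only the aggregation is wanted, not the matching docs
        "query": {"query_string": {"query": query_string}},
        "aggs": {agg_name: {"max": {"field": field}}},
    }


def max_agg_value(response, agg_name="1"):
    """Pull the max out of an ES response; None if the agg is missing or null."""
    return response.get("aggregations", {}).get(agg_name, {}).get("value")


def should_alert(response, threshold, agg_name="1"):
    """The rule the post asks for: alert when max(latency.total) > threshold.
    A null max (no matching documents) is treated as 'no data', not an alert,
    so an empty window does not page anyone."""
    value = max_agg_value(response, agg_name)
    if value is None:
        return False
    return value > threshold


if __name__ == "__main__":
    body = build_max_agg_query("latency.total", "type:latency test")
    print(json.dumps(body, indent=2))
    print("alert:", should_alert(SAMPLE_RESPONSE, 60))  # True: 72.5 > 60
    print("alert:", should_alert(EMPTY_RESPONSE, 60))   # False: no data
```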
