10. Elasticsearch Alerting Service - Watcher in Detail - Managing the Watcher Service

1. Watches
Watcher-related data is stored in the .watches index. This index is read-only:
watches must be created, updated, and deleted through the API.

GET .watches/_search
{
        "fields" : [], 
        "query" : {"match_all" : { } }
}

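2. Monitoring Watcher history in Kibana

In Kibana, open Settings > Indices:
    Configure the .watch_history* index pattern.
    Select trigger_event.schedule.triggered_time as the time field.
    Query the data on the Discover page.

3. Querying the history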

GET .watch_history-2015.05.11/_search
{
        "query" : { "match_all" : {} }
}

Query the history across all history indices (here for the watch rss_watch):

GET .watch_history*/_search
{
        "query" : { "match" : { "watch_id": "rss_watch"}}
}

4. Querying all records by state

GET .watch_history*/_search
{
        "query" : { "match" : { "state": "throttled"}}
}

5. Querying trigger records within a time range

GET .watch_history*/_search
{
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "query": "*",
          "analyze_wildcard": true
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "trigger_event.schedule.scheduled_time": {
                  "gte": 1430438400000,
                  "lte": 1431820800000
                }
              }
            }
          ],
          "must_not": []
        }
      }
    }
  },
  "size": 0,
  "aggs": {
    "2": {
      "date_histogram": {
        "field": "trigger_event.schedule.scheduled_time",
        "interval": "30s",
        "pre_zone": "-07:00",
        "pre_zone_adjust_large_interval": true,
        "min_doc_count": 1,
        "extended_bounds": {
          "min": 1430438400000,
          "max": 1431820800000
        }
      }
    }
  }
}

6. Managing the history indices

PUT _watcher/watch/manage_history
{
  "metadata": {
    "keep_history_days": 7
  },
  "trigger": {
    "schedule": {
      "interval": "1d"
    }
  },
  "input": {
    "simple": {}
  },
  "condition": {
    "always": {}
  },
  "transform": {
    "script" : "return [ dateToDelete : '/.watch_history-' + ctx.execution_time.minusDays(ctx.metadata.keep_history_days).toString('yyyy.MM.dd') ]"
  },
  "actions": {
    "delete_old_index": {
      "webhook": {
        "method": "DELETE",
        "host": "localhost",
        "port": 9200,
        "path": "{{ctx.payload.dateToDelete}}"
      }
    }
  }
}
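
The watch above computes a single index name per run, so each execution deletes only the index that is exactly keep_history_days old. The following added example (not from the original post; the function names and the sample index list are constructed, and the execution time is assumed to be UTC) mirrors that transform and lists the older history indices a run leaves behind, for instance when the watch was created after history had already accumulated or a daily run was missed.

```python
from datetime import datetime, timedelta

PREFIX = ".watch_history-"  # daily history index prefix used on this page

def index_deleted_by_watch(execution_time, keep_history_days):
    """Mirror the watch's transform: the one path the webhook will DELETE."""
    day = execution_time - timedelta(days=keep_history_days)
    return "/" + PREFIX + day.strftime("%Y.%m.%d")

def indices_past_retention(existing, execution_time, keep_history_days):
    """All daily history indices at or beyond the retention cutoff, oldest first."""
    cutoff = (execution_time - timedelta(days=keep_history_days)).date()
    stale = []
    for name in existing:
        if not name.startswith(PREFIX):
            continue  # not a Watcher history index (e.g. .watches)
        try:
            day = datetime.strptime(name[len(PREFIX):], "%Y.%m.%d").date()
        except ValueError:
            continue  # unexpected suffix: do not guess, leave it alone
        if day <= cutoff:
            stale.append((day, name))
    return [name for _, name in sorted(stale)]

def left_behind(existing, execution_time, keep_history_days):
    """Indices past retention that this run of the watch will NOT delete."""
    target = index_deleted_by_watch(execution_time, keep_history_days).lstrip("/")
    stale = indices_past_retention(existing, execution_time, keep_history_days)
    return [name for name in stale if name != target]

# Constructed sample: index names as an index listing might return them.
SAMPLE_INDICES = [
    ".watch_history-2015.05.01",
    ".watch_history-2015.05.02",
    ".watch_history-2015.05.04",
    ".watch_history-2015.05.11",
    ".watches",
]
RUN_AT = datetime(2015, 5, 11, 0, 0, 0)  # assumed UTC execution time

if __name__ == "__main__":
    print("watch deletes:", index_deleted_by_watch(RUN_AT, 7))
    print("left behind:  ", left_behind(SAMPLE_INDICES, RUN_AT, 7))
```

Indices reported by left_behind need a one-time manual cleanup, since later runs of the watch only ever move forward one day at a time.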

 

Reposted from corejava2008.iteye.com/blog/2215022