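ElasticSearch Alerting Service - Watcher in Detail - Managing the Watcher Service
1. Watches
Watcher-related data is stored in the .watches index. This index is read-only;
watches must be created, updated and deleted through the API.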
GET .watches/_search
{
  "fields": [],
  "query": { "match_all": {} }
}
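2. Monitoring Watcher history data through Kibana
In Kibana, go to Settings > Indices.
Configure the .watch_history* index pattern.
For the time field, select trigger_event.schedule.triggered_time.
Query the data on the Discover page.
3. Querying history records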
GET .watch_history-2015.05.11/_search
{
  "query": { "match_all": {} }
}
Query all history records (across every history index, here for the watch rss_watch):
GET .watch_history*/_search
{
  "query": { "match": { "watch_id": "rss_watch" } }
}
4. Querying all records for a state
GET .watch_history*/_search
{
  "query": { "match": { "state": "throttled" } }
}
5. Querying trigger records within a time range
GET .watch_history*/_search
{
  "query": {
    "filtered": {
      "query": {
        "query_string": { "query": "*", "analyze_wildcard": true }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "trigger_event.schedule.scheduled_time": {
                  "gte": 1430438400000,
                  "lte": 1431820800000
                }
              }
            }
          ],
          "must_not": []
        }
      }
    }
  },
  "size": 0,
  "aggs": {
    "2": {
      "date_histogram": {
        "field": "trigger_event.schedule.scheduled_time",
        "interval": "30s",
        "pre_zone": "-07:00",
        "pre_zone_adjust_large_interval": true,
        "min_doc_count": 1,
        "extended_bounds": { "min": 1430438400000, "max": 1431820800000 }
      }
    }
  }
}
6. Managing history indices
PUT _watcher/watch/manage_history
{
  "metadata": { "keep_history_days": 7 },
  "trigger": { "schedule": { "interval": "1d" } },
  "input": { "simple": {} },
  "condition": { "always": {} },
  "transform": {
    "script": "return [ dateToDelete : '/.watch_history-' + ctx.execution_time.minusDays(ctx.metadata.keep_history_days).toString('yyyy.MM.dd') ]"
  },
  "actions": {
    "delete_old_index": {
      "webhook": {
        "method": "DELETE",
        "host": "localhost",
        "port": 9200,
        "path": "{{ctx.payload.dateToDelete}}"
      }
    }
  }
}
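
The manage_history watch above deletes exactly one index per run, the one dated keep_history_days before the execution time, so a run that is missed leaves that day's index in place. The following is an added example, not code from the original page, and it goes beyond that single case: from a list of index names it selects every daily history index at or past the retention cutoff and skips any name that is not a strict .watch_history-yyyy.MM.dd match, so wildcards and other indices never become delete targets. The function names and the sample index list are constructed for illustration.

```python
import re
from datetime import date, timedelta

# Daily history index naming used on this page: .watch_history-yyyy.MM.dd
HISTORY_RE = re.compile(r"\.watch_history-(\d{4})\.(\d{2})\.(\d{2})")


def index_date(name):
    """Return the date encoded in a history index name, or None if it is not one."""
    m = HISTORY_RE.fullmatch(name)
    if not m:
        return None  # wildcards, .watches, anything with extra characters
    try:
        return date(*map(int, m.groups()))
    except ValueError:
        return None  # digits in the right shape but not a real date


def watch_target(execution_day, keep_days):
    """Index name the manage_history watch builds for one run (without the leading '/')."""
    day = execution_day - timedelta(days=keep_days)
    return ".watch_history-" + day.strftime("%Y.%m.%d")


def expired_indices(names, today, keep_days):
    """All history indices dated on or before the cutoff, oldest first."""
    cutoff = today - timedelta(days=keep_days)
    dated = [(index_date(n), n) for n in names]
    return [n for d, n in sorted(p for p in dated if p[0] is not None and p[0] <= cutoff)]


# Constructed sample: two older indices the daily watch would never revisit,
# plus names that must not be treated as delete targets.
SAMPLE = [
    ".watch_history-2015.05.10",
    ".watch_history-2015.05.04",
    ".watch_history-2015.05.01",
    ".watch_history-2015.05.03",
    ".watches",
    ".watch_history-*",
    ".watch_history-2015.13.01",
]

if __name__ == "__main__":
    today = date(2015, 5, 11)
    print("watch deletes:", watch_target(today, 7))
    print("actually expired:", expired_indices(SAMPLE, today, 7))
```

Comparing the two printed values shows which expired indices the single-day delete leaves behind.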