forked from sentinl/sentinl
-
Notifications
You must be signed in to change notification settings - Fork 0
KAAE Watcher Anatomy
Lorenzo Mangani edited this page Sep 10, 2016
·
3 revisions
KaaE watchers are modeled after Elasticsearch watchers and share the same configuration structure:
- Trigger
- Schedule
- Input
- Search
- Condition
- Script
- Transform
- Action
- Actions
{
"_index": "watcher",
"_type": "watch",
"_id": "new",
"_source": {
"trigger": {
"schedule": {
"later": "every 5 minutes"
}
},
"input": {
"search": {
"request": {
"indices": [
"<mos-{now/d}>",
"<mos-{now/d-1d}>"
],
"body": {}
}
}
},
"condition": {
"script": {
"script": "payload.hits.total > 100"
}
},
"transform": {},
"actions": {
"email_admin": {
"throttle_period": "15m",
"email": {
"to": "alarm@localhost",
"subject": "KaaE Alarm",
"priority": "high",
"body": "Found {{payload.hits.total}} Events"
}
},
"slack_admin": {
"throttle_period": "15m",
"slack": {
"channel": "#kaae",
"message": "KaaE Alert! Found {{payload.hits.total}} Events"
}
}
}
}
}