watcher 报警:"ctx.payload.hits.total.value": null,无法触发报警
Kibana | 作者 yoling1985 | 发布于2019年11月05日 | 阅读数:3760
1、watcher 配置如下:
{
"trigger": {
"schedule": {
"interval": "5m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"filebeat-syslog*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"match": {
"action": "deny"
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total.value": {
"gt": 0
}
}
},
"actions": {
"my_webhook": {
"webhook": {
"scheme": "http",
"host": "10.0.0.55",
"port": 8080,
"method": "post",
"path": "/{{watch_id}}",
"params": {
"watch_id": "{{ctx.watch_id}}"
},
"headers": {
"Content-Type": "application/json"
},
"body": "Encountered {{ctx.payload.hits.total.value}} errors"
}
}
}
}
2、执行状态
{
"watch_id": "3506e848-0fef-40f9-8d10-15ed5da912e3",
"node": "PgMZ_IZ4SSSW4_nddKY8lA",
"state": "execution_not_needed",
"user": "elastic",
"status": {
"state": {
"active": true,
"timestamp": "2019-11-01T09:19:15.098Z"
},
"last_checked": "2019-11-05T06:32:31.720Z",
"actions": {
"my_webhook": {
"ack": {
"timestamp": "2019-11-01T09:19:15.098Z",
"state": "awaits_successful_execution"
}
}
},
"execution_state": "execution_not_needed",
"version": -1
},
"trigger_event": {
"type": "schedule",
"triggered_time": "2019-11-05T06:32:31.720Z",
"schedule": {
"scheduled_time": "2019-11-05T06:32:31.623Z"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"filebeat-syslog*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"match": {
"action": "deny"
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total.value": {
"gt": 0
}
}
},
"metadata": {
"name": "waf 报警",
"xpack": {
"type": "json"
}
},
"result": {
"execution_time": "2019-11-05T06:32:31.720Z",
"execution_duration": 843,
"input": {
"type": "search",
"status": "success",
"payload": {
"_shards": {
"total": 56,
"failed": 0,
"successful": 56,
"skipped": 0
},
"hits": {
"hits": [],
"total": 10000,
"max_score": null
},
"took": 842,
"timed_out": false
},
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"filebeat-syslog*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"match": {
"action": "deny"
}
}
}
}
}
},
"condition": {
"type": "compare",
"status": "success",
"met": false,
"compare": {
"resolved_values": {
"ctx.payload.hits.total.value": null
}
}
},
"actions": []
},
"messages": []
}
3、问题
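"ctx.payload.hits.total.value": null 无法命中,请问如何处置?
从上面的执行结果看:请求中设置了 "rest_total_hits_as_int": true,返回的 payload 里 "hits.total" 是整数(10000)而不是对象,因此 "ctx.payload.hits.total.value" 这个路径不存在,解析结果为 null,条件 "gt": 0 不成立("met": false),webhook 不会触发。条件应改为比较 "ctx.payload.hits.total",webhook body 中的 {{ctx.payload.hits.total.value}} 也需同步修改。另外,该查询只有 match 条件、没有时间范围过滤,修正后每次执行都会统计索引中全部 deny 记录,建议按需加上时间范围。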
"trigger": {
"schedule": {
"interval": "5m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"filebeat-syslog*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"match": {
"action": "deny"
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total.value": {
"gt": 0
}
}
},
"actions": {
"my_webhook": {
"webhook": {
"scheme": "http",
"host": "10.0.0.55",
"port": 8080,
"method": "post",
"path": "/{{watch_id}}",
"params": {
"watch_id": "{{ctx.watch_id}}"
},
"headers": {
"Content-Type": "application/json"
},
"body": "Encountered {{ctx.payload.hits.total.value}} errors"
}
}
}
}
2、执行状态
{
"watch_id": "3506e848-0fef-40f9-8d10-15ed5da912e3",
"node": "PgMZ_IZ4SSSW4_nddKY8lA",
"state": "execution_not_needed",
"user": "elastic",
"status": {
"state": {
"active": true,
"timestamp": "2019-11-01T09:19:15.098Z"
},
"last_checked": "2019-11-05T06:32:31.720Z",
"actions": {
"my_webhook": {
"ack": {
"timestamp": "2019-11-01T09:19:15.098Z",
"state": "awaits_successful_execution"
}
}
},
"execution_state": "execution_not_needed",
"version": -1
},
"trigger_event": {
"type": "schedule",
"triggered_time": "2019-11-05T06:32:31.720Z",
"schedule": {
"scheduled_time": "2019-11-05T06:32:31.623Z"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"filebeat-syslog*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"match": {
"action": "deny"
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total.value": {
"gt": 0
}
}
},
"metadata": {
"name": "waf 报警",
"xpack": {
"type": "json"
}
},
"result": {
"execution_time": "2019-11-05T06:32:31.720Z",
"execution_duration": 843,
"input": {
"type": "search",
"status": "success",
"payload": {
"_shards": {
"total": 56,
"failed": 0,
"successful": 56,
"skipped": 0
},
"hits": {
"hits": [],
"total": 10000,
"max_score": null
},
"took": 842,
"timed_out": false
},
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"filebeat-syslog*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"match": {
"action": "deny"
}
}
}
}
}
},
"condition": {
"type": "compare",
"status": "success",
"met": false,
"compare": {
"resolved_values": {
"ctx.payload.hits.total.value": null
}
}
},
"actions": []
},
"messages": []
}
3、问题
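"ctx.payload.hits.total.value": null 无法命中,请问如何处置?
从上面的执行结果看:请求中设置了 "rest_total_hits_as_int": true,返回的 payload 里 "hits.total" 是整数(10000)而不是对象,因此 "ctx.payload.hits.total.value" 这个路径不存在,解析结果为 null,条件 "gt": 0 不成立("met": false),webhook 不会触发。条件应改为比较 "ctx.payload.hits.total",webhook body 中的 {{ctx.payload.hits.total.value}} 也需同步修改。另外,该查询只有 match 条件、没有时间范围过滤,修正后每次执行都会统计索引中全部 deny 记录,建议按需加上时间范围。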
2 个回复
yoling1985
wajika