how to send email alert to groups based on condition success in kibana watcher action
I am able to categorize various error like this ---
But i want to send email to groups based on error message.
Something like ---
when error ie "key"= "Response status code does not indicate success Service Unavailable" ---send email to group 1 [user1@gmail.com,user2@gmail.com,user3@gmail.com]
when error ie "key"= "Response status code does not indicate success Gateway" ---send email to group 2 [user4@gmail.com,user5@gmail.com,user6@gmail.com]
I have done upto this much ---
"actions": {
"send_email": {
"throttle_period_in_millis": 300000,
"condition": {
"script": {
"source": " def status = false; for(int i=0; i<ctx.payload.failure_request.aggregations.categories.buckets.length;i++) {if(ctx.payload.failure_request.aggregations.categories.buckets[i].key.contains('Response status code does not indicate success')) {status = true}} return status ",
"lang": "painless"
}
},
"email": {
"profile": "standard",
"to": [
"avinash.singh1@spglobal.com"
],
"subject": "{{ctx.metadata.email_subject}}",
"body": {
"html": "Error Found: <ul> {{ctx.payload.aggregations.categories.buckets.length}}"
}
}
}
}
Even Email is going to the given email when condition is pass ie when key contains that message. But I want to send email based on message match for specific group at one go.
can any one help me on this if we have something in painless language to write logic like case statement.
Appreciate your help in advance.
Solution
These is my advice, I hope that can help you.
solution one: match with a string
"actions": {
"email_group_one" : {
"condition": {
"script": {
"source": "def status = ctx.payload.failure_request.aggregations.categories.buckets; if (status.size() == 0) return false; return hosts.stream().anyMatch(p -> p.key == 'Response status code does not indicate success Service Unavailable');"
"lang": "painless"
}
},
"email" : {
"to" : ["user1@gmail.com","user2@gmail.com","user3@gmail.com"],
"subject" : "YOUR SUBJEC",
"body" : {
"html": "YOUR HTML CODE"
}
}
},
"email_group_two" : {
"condition": {
"script": {
"source": "def status = ctx.payload.failure_request.aggregations.categories.buckets; if (status.size() == 0) return false; return hosts.stream().anyMatch(p -> p.key == 'Response status code does not indicate success Gateway');"
"lang": "painless"
}
},
"email" : {
"to" : ["user4@gmail.com","user5@gmail.com","user5@gmail.com"],
"subject" : "YOUR SUBJECT",
"body" : {
"html": "YOUR HTML CODE"
}
}
}
}
solution two: match with multiple values like a,b,c and d
"actions": {
"email_group_one" : {
"condition": {
"script": {
"source": "def myArray= ['a', 'b', 'c', 'd'];def status = ctx.payload.failure_request.aggregations.categories.buckets; if (status.size() == 0) return false; return hosts.stream().anyMatch(p -> p.key in myArray);"
"lang": "painless"
}
},
"email" : {
"to" : ["user1@gmail.com","user2@gmail.com","user3@gmail.com"],
"subject" : "YOUR SUBJEC",
"body" : {
"html": "YOUR HTML CODE"
}
}
},
"email_group_two" : {
"condition": {
"script": {
"source": "def myArray= ['e', 'f', 'g', 'h'];def status = ctx.payload.failure_request.aggregations.categories.buckets; if (status.size() == 0) return false; return hosts.stream().anyMatch(p -> p.key in myArray);"
"lang": "painless"
}
},
"email" : {
"to" : ["user4@gmail.com","user5@gmail.com","user5@gmail.com"],
"subject" : "YOUR SUBJECT",
"body" : {
"html": "YOUR HTML CODE"
}
}
}
}
the code has not been tested, you may have syntax errors.
- ElasticSearch in Spring with @Query
- What is the best practice for ensuring idempotency for downloading a binary with Ansible?
- Logstash install error: can't get unique system GID (no more available GIDs)
- Can't configure elastic search with spring boot in docker network
- `index_prefixes` in OpenSearch?
- How to get latest values for each group with an Elasticsearch query?
- What does it mean when an Elasticsearch index has yellow health?
- Is it possible to transfer data from Redshift to Elasticsearch?
- How elastic queries work with contradicting statements
- Can filebeat dissect a log line with spaces?
- How to undo setting Elasticsearch Index to readonly?
- Date range filter not getting excluded from date histogram under global aggregations in elastic query
- "United States" not ["United","States"]
- Get all field names in an index elasticsearch python
- How to really reindex data in elasticsearch
- elasticsearch match_phrase returns same score for fields with exact and not exact match
- inner_hits aggregations in ElasticSearch
- Sorting a reverse nested back to parent aggregation
- Elasticsearch: how to list roles assigned to the current SSO user via role mappings
- How to setup password for elasticsearch users?
- OpenSearch prevent script_score from running more than once
- Elasticsearch intermittently killed
- Elasticsearch: Job for elasticsearch.service failed
- problem with adding new node to elasticsearch cluster
- AWS SSO/AWS Opensearch SAML integration
- Logstash field is never shown after aggregation
- Elastic Search total index size
- Elastic Search Give an error No alive nodes found in your cluster
- The remote server returned an error: (413) Request Entity Too Large. Elasticsearch and JSON
- unassigned_shards how to solve it