Elasticsearch Alerting Service: Watcher in Detail, Transform Settings
A Transform (data transformation) runs before the Watcher Action executes.
Transforms can be defined at two levels:
1. Global definition (Watch Level): applies to all actions of the watch
2. Local definition (Action Level): applies only to the action it is defined in
Example configuration. The top-level "transform" is the global one; the "transform" inside the "tyler_webhook" action is the local one (the comments from the original have been moved into this sentence so the JSON stays valid):
{
  "trigger" : { ... },
  "input" : { ... },
  "condition" : { ... },
  "transform" : {
    "search" : {
      "body" : {
        "query" : { "match_all" : {} }
      }
    }
  },
  "actions" : {
    "tyler_webhook" : {
      "transform" : {
        "script" : "return ctx.payload.hits"
      },
      "webhook" : {
        "host" : "host.domain",
        "port" : 8089,
        "path" : "/notify/{{ctx.watch_id}}"
      }
    }
  }
  ...
}
The three transform types currently supported are search, script and chain.
1. Search Transform
Runs a query and replaces the contents of the context (the payload) with the query result.
A locally defined Search Transform:
{
  ...
  "transform" : {
    "search" : {
      "body" : {
        "query" : { "match_all" : {} }
      }
    }
  }
  ...
}
A definition with parameters: "search_type" : "count" runs a count query, "indices" limits it to indices whose names start with logstash-, and the body matches documents whose priority is error:
{
  "transform" : {
    "search" : {
      "search_type" : "count",
      "indices" : [ "logstash-*" ],
      "body" : {
        "query" : {
          "match" : { "priority" : "error" }
        }
      }
    }
  }
}
The full Elasticsearch search API format is supported, for example a filtered query restricted to the interval between the scheduled and the triggered time:
{
  "transform" : {
    "search" : {
      "search_type" : "count",
      "index" : [ "logstash-*" ],
      "type" : "event",
      "body" : {
        "query" : {
          "filtered" : {
            "filter" : {
              "bool" : {
                "must" : [
                  {
                    "range" : {
                      "@timestamp" : {
                        "from" : "{{ctx.trigger.scheduled_time}}||-30s",
                        "to" : "{{ctx.trigger.triggered_time}}"
                      }
                    }
                  },
                  {
                    "query" : {
                      "match" : { "priority" : "error" }
                    }
                  }
                ]
              }
            }
          }
        }
      }
    }
  }
}
Inline template queries are supported as well; here the priority value comes from the template parameters:
{
  "transform" : {
    "search" : {
      "search_type" : "count",
      "index" : [ "logstash-*" ],
      "type" : "event",
      "body" : {
        "template" : {
          "inline" : {
            "query" : {
              "filtered" : {
                "filter" : {
                  "bool" : {
                    "must" : [
                      {
                        "range" : {
                          "@timestamp" : {
                            "from" : "{{ctx.trigger.scheduled_time}}||-30s",
                            "to" : "{{ctx.trigger.triggered_time}}"
                          }
                        }
                      },
                      {
                        "query" : {
                          "match" : { "priority" : "{{priority}}" }
                        }
                      }
                    ]
                  }
                }
              }
            }
          },
          "params" : { "priority" : "error" }
        }
      }
    }
  }
}
2. Script Transform
Note that starting with ES v1.4.3, inline Groovy scripts are disabled by default, so make sure to enable them.
A simple script definition (the script is Groovy):
{
  ...
  "transform" : {
    "script" : "return [ time : ctx.trigger.scheduled_time ]"
  }
  ...
}
3. Chain Transform
A chain transform lets you specify several transforms that form a pipeline: the output of one transform becomes the input of the next.
In the chain below, the first element is a search transform that runs a count query, and the second is a script transform that stores that count in an error_count field:
{
  ...
  "transform" : {
    "chain" : [
      {
        "search" : {
          "search_type" : "count",
          "indices" : [ "logstash-*" ],
          "body" : {
            "query" : {
              "match" : { "priority" : "error" }
            }
          }
        }
      },
      {
        "script" : "return [ error_count : ctx.payload.hits.total ]"
      }
    ]
  }
  ...
}
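The following complete watch ties the pieces above together: a global chain transform reduces the payload to error_count and window_end, one action consumes that payload directly, and a second action applies its own local script transform before sending a webhook. This is an added example, not from the original post; it assumes the Watcher 1.x REST schema (input.search.request, the compare condition, the logging action and the webhook method/body fields), that inline Groovy scripting is enabled, and uses a placeholder host:
```json
{
  "trigger": { "schedule": { "interval": "5m" } },
  "input": {
    "search": {
      "request": {
        "indices": [ "logstash-*" ],
        "body": { "query": { "match": { "priority": "error" } } }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "transform": {
    "chain": [
      {
        "search": {
          "search_type": "count",
          "indices": [ "logstash-*" ],
          "body": { "query": { "match": { "priority": "error" } } }
        }
      },
      {
        "script": "return [ error_count : ctx.payload.hits.total, window_end : ctx.trigger.triggered_time ]"
      }
    ]
  },
  "actions": {
    "log_summary": {
      "logging": {
        "text": "{{ctx.payload.error_count}} errors seen up to {{ctx.payload.window_end}}"
      }
    },
    "notify_ops": {
      "transform": {
        "script": "return [ severity : ctx.payload.error_count > 100 ? 'critical' : 'warning', count : ctx.payload.error_count ]"
      },
      "webhook": {
        "method": "POST",
        "host": "alerts.example.invalid",
        "port": 8089,
        "path": "/notify/{{ctx.watch_id}}",
        "body": "{\"severity\": \"{{ctx.payload.severity}}\", \"count\": {{ctx.payload.count}}}"
      }
    }
  }
}
```
The log_summary action sees only the globally transformed payload (error_count, window_end), while notify_ops sees the result of its local transform (severity, count); the hits array from the input never reaches either action.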