Skip to content

Instantly share code, notes, and snippets.

@joshuar

joshuar/Watch Average RTT

Created August 25, 2015 03:12
Show Gist options
  • Save joshuar/3fee16aaa277a6db1bd8 to your computer and use it in GitHub Desktop.
Save joshuar/3fee16aaa277a6db1bd8 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Watch Average RTT
"trigger": {
"schedule": {
"interval": "10m"
}
},
"input": {
"search": {
"request": {
"search_type": "count",
"indices": [
"logstash-*"
],
"types": [],
"body": {
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-10m",
"lte": "now"
}
}
},
{
"term": {
"tags": "amazon"
}
}
]
}
}
}
},
"aggs": {
"minutes": {
"date_histogram": {
"field": "@timestamp",
"interval": "minute"
},
"aggs": {
"targets": {
"terms": {
"field": "target_host.raw",
"size": 10
},
"aggs": {
"avg_rtt": {
"avg": {
"field": "rtt"
}
}
}
}
}
}
}
}
},
"timeout": "30s"
}
},
"condition": {
"script": "if (ctx.payload.aggregations.minutes.buckets.size() == 0) return false; def latest = ctx.payload.aggregations.minutes.buckets[-1]; def target = latest.targets.buckets[0]; return target && target.avg_rtt && target.avg_rtt.value >= 20;"
},
"throttle_period": "1h",
"actions": {
"send_email": {
"transform": {
"script": "def latest = ctx.payload.aggregations.minutes.buckets[-1]; return latest.targets.buckets.findAll { return it.avg_rtt && it.avg_rtt.value >= 20 };"
},
"email": {
"profile": "standard",
"to": [
"[email protected]"
],
"subject": "Watcher - High Amazon RTT",
"body": {
"text": "Amazon instances with high RTT (above 20ms):\n\n{{#ctx.payload._value}}\"{{key}}\" - RTT: {{avg_rtt.value}}ms\n{{/ctx.payload._value}}"
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment