Created
September 7, 2023 00:30
-
-
Save pmuellr/a286306034c52bac71717541d0902561 to your computer and use it in GitHub Desktop.
ES|QL to dump rule execution data
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://www.elastic.co/guide/en/elasticsearch/reference/master/esql.html | |
| POST /_query | |
| { | |
| "query": """ | |
| FROM .kibana-event-log-* | |
| | WHERE event.provider == "alerting" | |
| | WHERE event.action == "execute" | |
| | RENAME kibana.alert.rule.execution.metrics.claim_to_start_duration_ms AS claim_to_start_duration_ms | |
| | RENAME kibana.alert.rule.execution.metrics.es_search_duration_ms AS es_search_duration_ms | |
| | RENAME kibana.alert.rule.execution.metrics.execution_gap_duration_s AS execution_gap_duration_s | |
| | RENAME kibana.alert.rule.execution.metrics.number_of_generated_actions AS number_of_generated_actions | |
| | RENAME kibana.alert.rule.execution.metrics.number_of_searches AS number_of_searches | |
| | RENAME kibana.alert.rule.execution.metrics.number_of_triggered_actions AS number_of_triggered_actions | |
| | RENAME kibana.alert.rule.execution.metrics.persist_alerts_duration_ms AS persist_alerts_duration_ms | |
| | RENAME kibana.alert.rule.execution.metrics.prepare_rule_duration_ms AS prepare_rule_duration_ms | |
| | RENAME kibana.alert.rule.execution.metrics.process_alerts_duration_ms AS process_alerts_duration_ms | |
| | RENAME kibana.alert.rule.execution.metrics.process_rule_duration_ms AS process_rule_duration_ms | |
| | RENAME kibana.alert.rule.execution.metrics.rule_type_run_duration_ms AS rule_type_run_duration_ms | |
| | RENAME kibana.alert.rule.execution.metrics.total_enrichment_duration_ms AS total_enrichment_duration_ms | |
| | RENAME kibana.alert.rule.execution.metrics.total_indexing_duration_ms AS total_indexing_duration_ms | |
| | RENAME kibana.alert.rule.execution.metrics.total_run_duration_ms AS total_run_duration_ms | |
| | RENAME kibana.alert.rule.execution.metrics.total_search_duration_ms AS total_search_duration_ms | |
| | RENAME kibana.alert.rule.execution.metrics.trigger_actions_duration_ms AS trigger_actions_duration_ms | |
| | KEEP | |
| claim_to_start_duration_ms, | |
| es_search_duration_ms, | |
| execution_gap_duration_s, | |
| number_of_generated_actions, | |
| number_of_searches, | |
| number_of_triggered_actions, | |
| persist_alerts_duration_ms, | |
| prepare_rule_duration_ms, | |
| process_alerts_duration_ms, | |
| process_rule_duration_ms, | |
| rule_type_run_duration_ms, | |
| total_enrichment_duration_ms, | |
| total_indexing_duration_ms, | |
| total_run_duration_ms, | |
| total_search_duration_ms, | |
| trigger_actions_duration_ms | |
| """ | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment