yuwtennis · March 5, 2022 05:24
diff --git a/search.txt b/search.txt
 GET invoices/_search
 {
                  "size": 0,
                  "query": {"match_all": {} },
                  "aggs": {
                    "amount_by_month": {
                      "date_histogram": {
                        "field": "date",
                        "interval": "month",
                        "order": {
                          "_key": "asc"
                        }
                      },
                      "aggs": {
                        "total_amount": {
                          "sum": {
                            "field": "amount"
                          }
                        },
                        "derivative": {
                          "derivative": {
                            "buckets_path": "total_amount"
                          }
                        }
                      }
                    }
                  }
 }
diff --git a/search_result b/search_result
 #! Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/7.16/security-minimal-setup.html to enable security.
 #! [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
 {
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 4,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "amount_by_month" : {
      "buckets" : [
        {
          "key_as_string" : "2022-01-01T00:00:00.000Z",
          "key" : 1640995200000,
          "doc_count" : 1,
          "total_amount" : {
            "value" : 50.0
          }
        },
        {
          "key_as_string" : "2022-02-01T00:00:00.000Z",
          "key" : 1643673600000,
          "doc_count" : 1,
          "total_amount" : {
            "value" : 200.0
          },
          "derivative" : {
            "value" : 150.0
          }
        },
        {
          "key_as_string" : "2022-03-01T00:00:00.000Z",
          "key" : 1646092800000,
          "doc_count" : 2,
          "total_amount" : {
            "value" : 600.0
          },
          "derivative" : {
            "value" : 400.0
          }
        }
      ]
    }
  }
 }
diff --git a/watcher b/watcher
 PUT _watcher/watch/spike_monitoring
 {
  "metadata" : { 
    "color" : "red"
  },
  "trigger" : { 
    "schedule" : {
      "interval" : "1m"
    }
  },
  "input" : {
    "chain": { 
      "inputs": [
        {
          "init": {
            "search" : {
              "request" : {
                "indices" : "invoices",
                "body" : {
                  "size": 0,
                  "query": {"match_all": {} },
                  "aggs": {
                    "amount_by_month": {
                      "date_histogram": {
                        "field": "date",
                        "interval": "month",
                        "order": {
                          "_key": "asc"
                        }
                      },
                      "aggs": {
                        "total_amount": {
                          "sum": {
                            "field": "amount"
                          }
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        },
        {
          "enrich": {
            "transform": {
              "script": """
                double spike = ctx.payload.init.aggregations.amount_by_month.buckets[-1].total_amount.value / ctx.payload.init.aggregations.amount_by_month.buckets[-2].total_amount.value;
                return ['spike': spike]
              """
            }
          }
        }
      ]
    }
  },
  "condition" : { 
    "compare" : { "ctx.payload.enrich.spike" : { "gt" : 1.3 }}
  },
  "transform" : {},
  "actions" : { 
    "log" : {
      "logging" : {
        "text" : "executed at {{ctx.execution_time}}. is_spiked true value: {{ctx.payload.enrich.spike}}" 
      }
    }
  }
 }
	GET invoices/_search
	{
	"size": 0,
	"query": {"match_all": {} },
	"aggs": {
	"amount_by_month": {
	"date_histogram": {
	"field": "date",
	"interval": "month",
	"order": {
	"_key": "asc"
	}
	},
	"aggs": {
	"total_amount": {
	"sum": {
	"field": "amount"
	}
	},
	"derivative": {
	"derivative": {
	"buckets_path": "total_amount"
	}
	}
	}
	}
	}
	}
	#! Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/7.16/security-minimal-setup.html to enable security.
	#! [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
	{
	"took" : 1,
	"timed_out" : false,
	"_shards" : {
	"total" : 1,
	"successful" : 1,
	"skipped" : 0,
	"failed" : 0
	},
	"hits" : {
	"total" : {
	"value" : 4,
	"relation" : "eq"
	},
	"max_score" : null,
	"hits" : [ ]
	},
	"aggregations" : {
	"amount_by_month" : {
	"buckets" : [
	{
	"key_as_string" : "2022-01-01T00:00:00.000Z",
	"key" : 1640995200000,
	"doc_count" : 1,
	"total_amount" : {
	"value" : 50.0
	}
	},
	{
	"key_as_string" : "2022-02-01T00:00:00.000Z",
	"key" : 1643673600000,
	"doc_count" : 1,
	"total_amount" : {
	"value" : 200.0
	},
	"derivative" : {
	"value" : 150.0
	}
	},
	{
	"key_as_string" : "2022-03-01T00:00:00.000Z",
	"key" : 1646092800000,
	"doc_count" : 2,
	"total_amount" : {
	"value" : 600.0
	},
	"derivative" : {
	"value" : 400.0
	}
	}
	]
	}
	}
	}
	PUT _watcher/watch/spike_monitoring
	{
	"metadata" : {
	"color" : "red"
	},
	"trigger" : {
	"schedule" : {
	"interval" : "1m"
	}
	},
	"input" : {
	"chain": {
	"inputs": [
	{
	"init": {
	"search" : {
	"request" : {
	"indices" : "invoices",
	"body" : {
	"size": 0,
	"query": {"match_all": {} },
	"aggs": {
	"amount_by_month": {
	"date_histogram": {
	"field": "date",
	"interval": "month",
	"order": {
	"_key": "asc"
	}
	},
	"aggs": {
	"total_amount": {
	"sum": {
	"field": "amount"
	}
	}
	}
	}
	}
	}
	}
	}
	}
	},
	{
	"enrich": {
	"transform": {
	"script": """
	double spike = ctx.payload.init.aggregations.amount_by_month.buckets[-1].total_amount.value / ctx.payload.init.aggregations.amount_by_month.buckets[-2].total_amount.value;
	return ['spike': spike]
	"""
	}
	}
	}
	]
	}
	},
	"condition" : {
	"compare" : { "ctx.payload.enrich.spike" : { "gt" : 1.3 }}
	},
	"transform" : {},
	"actions" : {
	"log" : {
	"logging" : {
	"text" : "executed at {{ctx.execution_time}}. is_spiked true value: {{ctx.payload.enrich.spike}}"
	}
	}
	}
	}