

[OAS] Add actions to Elasticsearch query rule example
lcawl committed Aug 22, 2023
1 parent 32fa014 commit 2539da5
Showing 4 changed files with 156 additions and 18 deletions.
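--- a/x-pack/plugins/alerting/docs/openapi/bundled.json
+++ b/x-pack/plugins/alerting/docs/openapi/bundled.json
@@ -6730,8 +6730,35 @@
 },
 "examples": {
 "create_es_query_rule_request": {
-"summary": "Create an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL).",
+"summary": "Create an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL) to define its query and a server log connector to send notifications.",
 "value": {
+"actions": [
+{
+"group": "query matched",
+"params": {
+"level": "info",
+"message": "The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts."
+},
+"id": "fdbece50-406c-11ee-850e-c71febc4ca7f",
+"frequency": {
+"throttle": "1d",
+"summary": true,
+"notify_when": "onThrottleInterval"
+}
+},
+{
+"group": "recovered",
+"params": {
+"level": "info",
+"message": "Recovered"
+},
+"id": "fdbece50-406c-11ee-850e-c71febc4ca7f",
+"frequency": {
+"summary": false,
+"notify_when": "onActionGroupChange"
+}
+}
+],
 "consumer": "alerts",
 "name": "my Elasticsearch query rule",
 "params": {
@@ -6741,7 +6768,7 @@
 ],
 "size": 100,
 "threshold": [
-10
+100
 ],
 "thresholdComparator": ">",
 "timeField": "@timestamp",
@@ -6750,7 +6777,7 @@
 },
 "rule_type_id": ".es-query",
 "schedule": {
-"interval": "1m"
+"interval": "1d"
 }
 }
 },
@@ -6840,15 +6867,46 @@
 "rule_type_id": ".es-query",
 "consumer": "alerts",
 "schedule": {
-"interval": "1m"
+"interval": "1d"
 },
-"actions": [],
+"actions": [
+{
+"group": "query matched",
+"id": "fdbece50-406c-11ee-850e-c71febc4ca7f",
+"params": {
+"level": "info",
+"message": "The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts."
+},
+"connector_type_id": ".server-log",
+"frequency": {
+"summary": true,
+"notify_when": "onThrottleInterval",
+"throttle": "1d"
+},
+"uuid": "53f3c2a3-e5d0-4cfa-af3b-6f0881385e78"
+},
+{
+"group": "recovered",
+"id": "fdbece50-406c-11ee-850e-c71febc4ca7f",
+"params": {
+"level": "info",
+"message": "Recovered"
+},
+"connector_type_id": ".server-log",
+"frequency": {
+"summary": false,
+"notify_when": "onActionGroupChange",
+"throttle": null
+},
+"uuid": "2324e45b-c0df-45c7-9d70-4993e30be758"
+}
+],
 "params": {
 "thresholdComparator": ">",
 "timeWindowSize": 1,
 "timeWindowUnit": "d",
 "threshold": [
-10
+100
 ],
 "size": 100,
 "timeField": "@timestamp",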
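--- a/x-pack/plugins/alerting/docs/openapi/bundled.yaml
+++ b/x-pack/plugins/alerting/docs/openapi/bundled.yaml
@@ -4599,8 +4599,26 @@ components:
 example: elastic
 examples:
 create_es_query_rule_request:
-summary: Create an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL).
+summary: Create an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL) to define its query and a server log connector to send notifications.
 value:
+actions:
+- group: query matched
+params:
+level: info
+message: The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts.
+id: fdbece50-406c-11ee-850e-c71febc4ca7f
+frequency:
+throttle: 1d
+summary: true
+notify_when: onThrottleInterval
+- group: recovered
+params:
+level: info
+message: Recovered
+id: fdbece50-406c-11ee-850e-c71febc4ca7f
+frequency:
+summary: false
+notify_when: onActionGroupChange
 consumer: alerts
 name: my Elasticsearch query rule
 params:
@@ -4609,14 +4627,14 @@ components:
 - kibana_sample_data_logs
 size: 100
 threshold:
-- 10
+- 100
 thresholdComparator: '>'
 timeField: '@timestamp'
 timeWindowSize: 1
 timeWindowUnit: d
 rule_type_id: .es-query
 schedule:
-interval: 1m
+interval: 1d
 create_es_query_kql_rule_request:
 summary: Create an Elasticsearch query rule that uses Kibana query language (KQL).
 value:
@@ -4689,14 +4707,36 @@ components:
 rule_type_id: .es-query
 consumer: alerts
 schedule:
-interval: 1m
-actions: []
+interval: 1d
+actions:
+- group: query matched
+id: fdbece50-406c-11ee-850e-c71febc4ca7f
+params:
+level: info
+message: The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts.
+connector_type_id: .server-log
+frequency:
+summary: true
+notify_when: onThrottleInterval
+throttle: 1d
+uuid: 53f3c2a3-e5d0-4cfa-af3b-6f0881385e78
+- group: recovered
+id: fdbece50-406c-11ee-850e-c71febc4ca7f
+params:
+level: info
+message: Recovered
+connector_type_id: .server-log
+frequency:
+summary: false
+notify_when: onActionGroupChange
+throttle: null
+uuid: 2324e45b-c0df-45c7-9d70-4993e30be758
 params:
 thresholdComparator: '>'
 timeWindowSize: 1
 timeWindowUnit: d
 threshold:
-- 10
+- 100
 size: 100
 timeField: '@timestamp'
 index: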
@@ -1,5 +1,23 @@
summary: Create an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL).
summary: Create an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL) to define its query and a server log connector to send notifications.
value:
actions:
- group: query matched
params:
level: info
message: "The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts."
id: fdbece50-406c-11ee-850e-c71febc4ca7f
frequency:
throttle: "1d"
summary: true
notify_when: onThrottleInterval
- group: recovered
params:
level: info
message: Recovered
id: fdbece50-406c-11ee-850e-c71febc4ca7f
frequency:
summary: false
notify_when: onActionGroupChange
consumer: alerts
name: my Elasticsearch query rule
params:
Expand All @@ -8,11 +26,11 @@ value:
- kibana_sample_data_logs
size: 100
threshold:
- 10
- 100
thresholdComparator: ">"
timeField: "@timestamp"
timeWindowSize: 1
timeWindowUnit: d
rule_type_id: .es-query
schedule:
interval: 1m
interval: 1d
Expand Up @@ -7,14 +7,36 @@ value:
rule_type_id: .es-query
consumer: alerts
schedule:
interval: 1m
actions: []
interval: 1d
actions:
- group: query matched
id: fdbece50-406c-11ee-850e-c71febc4ca7f
params:
level: info
message: "The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts."
connector_type_id: .server-log
frequency:
summary: true
notify_when: onThrottleInterval
throttle: "1d"
uuid: 53f3c2a3-e5d0-4cfa-af3b-6f0881385e78
- group: recovered
id: fdbece50-406c-11ee-850e-c71febc4ca7f
params:
level: info
message: Recovered
connector_type_id: .server-log
frequency:
summary: false
notify_when: onActionGroupChange
throttle: null
uuid: 2324e45b-c0df-45c7-9d70-4993e30be758
params:
thresholdComparator: ">"
timeWindowSize: 1
timeWindowUnit: d
threshold:
- 10
- 100
size: 100
timeField: "@timestamp"
index:

