summaryrefslogtreecommitdiffstats
path: root/extra/docker/elk/tools/EsAutoQuery/closedLoopAlarmDuration.json
diff options
context:
space:
mode:
Diffstat (limited to 'extra/docker/elk/tools/EsAutoQuery/closedLoopAlarmDuration.json')
-rw-r--r--extra/docker/elk/tools/EsAutoQuery/closedLoopAlarmDuration.json34
1 files changed, 34 insertions, 0 deletions
diff --git a/extra/docker/elk/tools/EsAutoQuery/closedLoopAlarmDuration.json b/extra/docker/elk/tools/EsAutoQuery/closedLoopAlarmDuration.json
new file mode 100644
index 0000000..5a29545
--- /dev/null
+++ b/extra/docker/elk/tools/EsAutoQuery/closedLoopAlarmDuration.json
@@ -0,0 +1,34 @@
+{
+ "query" : {
+ "bool": {
+ "must": [
+ { "match": { "closedLoopEventStatus": "ABATED" } }
+ ]
+ }
+ },
+ "script_fields" : {
+ "closedLoopAlarmDuration" : {
+ "script" : {
+ "lang": "painless",
+ "source": "
+if (doc.get('closedLoopEventStatus.keyword').value == 'ABATED') {
+ return doc.get('closedLoopAlarmEnd').value - doc.get('closedLoopAlarmStart').value;
+}
+return null
+"
+ }
+ }
+ , "closedLoopAlarmStart" : {
+ "script" : {
+ "lang": "painless",
+ "source": "doc['closedLoopAlarmStart']"
+ }
+ }
+ , "closedLoopAlarmEnd" : {
+ "script" : {
+ "lang": "painless",
+ "source": "doc['closedLoopAlarmEnd']"
+ }
+ }
+ }
+}