summaryrefslogtreecommitdiffstats
path: root/extra/docker/elk/tools/EsAutoQuery/timeSince.json
diff options
context:
space:
mode:
Diffstat (limited to 'extra/docker/elk/tools/EsAutoQuery/timeSince.json')
-rw-r--r--extra/docker/elk/tools/EsAutoQuery/timeSince.json51
1 files changed, 51 insertions, 0 deletions
diff --git a/extra/docker/elk/tools/EsAutoQuery/timeSince.json b/extra/docker/elk/tools/EsAutoQuery/timeSince.json
new file mode 100644
index 0000000..6ee1493
--- /dev/null
+++ b/extra/docker/elk/tools/EsAutoQuery/timeSince.json
@@ -0,0 +1,51 @@
+{
+ "query" : {
+ "match_all": {}
+ },
+ "script_fields" : {
+ "timeSince" : {
+ "script" : {
+ "lang": "painless",
+ "source": "
+long now = System.currentTimeMillis();
+if (doc.get('closedLoopEventStatus.keyword').value == 'ABATED') {
+ return now - doc.get('closedLoopAlarmEnd').value;
+}
+if (doc.get('closedLoopEventStatus.keyword').value == 'ONSET') {
+ return now - doc.get('closedLoopAlarmStart').value;
+}
+if (doc.containsKey('notification.keyword')) {
+ return now - doc.get('notificationTime').value;
+}
+
+return null
+"
+ }
+ }
+ , "closedLoopAlarmStart" : {
+ "script" : {
+ "lang": "painless",
+ "source": "doc['closedLoopAlarmStart']"
+ }
+ }
+ , "closedLoopEventStatus" : {
+ "script" : {
+ "lang": "painless",
+ "source": "doc['closedLoopEventStatus.keyword']"
+ }
+ }
+ , "notification" : {
+ "script" : {
+ "lang": "painless",
+ "source": "doc['notification.keyword']"
+ }
+ }
+ , "notificationTime" : {
+ "script" : {
+ "lang": "painless",
+ "source": "doc['notificationTime'].value"
+ }
+ }
+
+ }
+}