Diffstat (limited to 'extra/docker/elk/tools/EsAutoQuery')
-rwxr-xr-xextra/docker/elk/tools/EsAutoQuery/autoQueryLoop.sh27
-rw-r--r--extra/docker/elk/tools/EsAutoQuery/closedLoopAlarmDuration.json34
-rw-r--r--extra/docker/elk/tools/EsAutoQuery/timeSince.json51
3 files changed, 112 insertions, 0 deletions
diff --git a/extra/docker/elk/tools/EsAutoQuery/autoQueryLoop.sh b/extra/docker/elk/tools/EsAutoQuery/autoQueryLoop.sh
new file mode 100755
index 0000000..4929412
--- /dev/null
+++ b/extra/docker/elk/tools/EsAutoQuery/autoQueryLoop.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+QUERY_FILE=${1:-query.json}
+INDEX=${2:-logstash-*}
+HOST_URL=${3:-http://localhost:9200}
+URL=$HOST_URL/$INDEX/_search
+
+function usage() {
+ echo "Usage: $0 [QUERY_FILE [INDEX [HOST_URL]]]"
+ echo
+ echo "This script automatically sends the query file to elasticsearch"
+ echo "each time it's modified."
+}
+
+if [ "${1}" == "--help" ];
+then
+ usage
+ exit 0
+fi
+
+echo "Querying '$URL' with '$QUERY_FILE'"
+while [ 1 ];
+do
+ curl -XGET "$URL" -H 'Content-Type: application/json' -d"@$QUERY_FILE" | js-beautify
+ echo
+ inotifywait -e modify query.json
+done
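Review bot: The watch on the last line of the loop is pinned to the literal `query.json`, so when a different QUERY_FILE is passed as `$1` the loop only re-sends it when some unrelated query.json changes, or blocks forever if that file does not exist; it should watch the file it actually sends, `inotifywait -e modify -- "$QUERY_FILE"`. The curl pipeline also hides failures, because the loop sees only js-beautify's exit status: a refused connection or a non-2xx answer from Elasticsearch (e.g. a rejected query) is printed as an empty or error body and the loop silently waits again, so `curl -sS --fail "$URL" ...` would at least surface it on stderr. Minor style points: `while [ 1 ]` is the idiomatic `while true`, and a `[[ -r "$QUERY_FILE" ]] || { usage; exit 1; }` check before the loop would catch a typo in the path up front.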
diff --git a/extra/docker/elk/tools/EsAutoQuery/closedLoopAlarmDuration.json b/extra/docker/elk/tools/EsAutoQuery/closedLoopAlarmDuration.json
new file mode 100644
index 0000000..5a29545
--- /dev/null
+++ b/extra/docker/elk/tools/EsAutoQuery/closedLoopAlarmDuration.json
@@ -0,0 +1,34 @@
+{
+ "query" : {
+ "bool": {
+ "must": [
+ { "match": { "closedLoopEventStatus": "ABATED" } }
+ ]
+ }
+ },
+ "script_fields" : {
+ "closedLoopAlarmDuration" : {
+ "script" : {
+ "lang": "painless",
+ "source": "
+if (doc.get('closedLoopEventStatus.keyword').value == 'ABATED') {
+ return doc.get('closedLoopAlarmEnd').value - doc.get('closedLoopAlarmStart').value;
+}
+return null
+"
+ }
+ }
+ , "closedLoopAlarmStart" : {
+ "script" : {
+ "lang": "painless",
+ "source": "doc['closedLoopAlarmStart']"
+ }
+ }
+ , "closedLoopAlarmEnd" : {
+ "script" : {
+ "lang": "painless",
+ "source": "doc['closedLoopAlarmEnd']"
+ }
+ }
+ }
+}
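Review bot: The `"source"` string of the closedLoopAlarmDuration script spans raw line breaks, which is not valid JSON — string literals may not contain unescaped control characters — so a strict parser (Elasticsearch's, as far as I know) rejects the request body before the query runs; the same layout is used for the `timeSince` script in timeSince.json. Either collapse the Painless into one line, or keep the readable layout and escape the breaks as `\n` inside the string. If the file is meant as a hand-edited template rather than a request body, a short README note saying so would save the next reader the debugging.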
diff --git a/extra/docker/elk/tools/EsAutoQuery/timeSince.json b/extra/docker/elk/tools/EsAutoQuery/timeSince.json
new file mode 100644
index 0000000..6ee1493
--- /dev/null
+++ b/extra/docker/elk/tools/EsAutoQuery/timeSince.json
@@ -0,0 +1,51 @@
+{
+ "query" : {
+ "match_all": {}
+ },
+ "script_fields" : {
+ "timeSince" : {
+ "script" : {
+ "lang": "painless",
+ "source": "
+long now = System.currentTimeMillis();
+if (doc.get('closedLoopEventStatus.keyword').value == 'ABATED') {
+ return now - doc.get('closedLoopAlarmEnd').value;
+}
+if (doc.get('closedLoopEventStatus.keyword').value == 'ONSET') {
+ return now - doc.get('closedLoopAlarmStart').value;
+}
+if (doc.containsKey('notification.keyword')) {
+ return now - doc.get('notificationTime').value;
+}
+
+return null
+"
+ }
+ }
+ , "closedLoopAlarmStart" : {
+ "script" : {
+ "lang": "painless",
+ "source": "doc['closedLoopAlarmStart']"
+ }
+ }
+ , "closedLoopEventStatus" : {
+ "script" : {
+ "lang": "painless",
+ "source": "doc['closedLoopEventStatus.keyword']"
+ }
+ }
+ , "notification" : {
+ "script" : {
+ "lang": "painless",
+ "source": "doc['notification.keyword']"
+ }
+ }
+ , "notificationTime" : {
+ "script" : {
+ "lang": "painless",
+ "source": "doc['notificationTime'].value"
+ }
+ }
+
+ }
+}
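Review bot: The third branch of the `timeSince` script tests `doc.containsKey('notification.keyword')` but then reads `doc.get('notificationTime').value`, so a document that carries a notification but no notificationTime would fail on the read rather than fall through to `return null`; the guard should name the field that is actually read, e.g. `if (doc.containsKey('notificationTime') && doc['notificationTime'].size() != 0)`. The same applies to the `notificationTime` script field, whose `doc['notificationTime'].value` differs from the sibling fields (which return the doc-values list): under `match_all`, any document lacking that field would, if I read Painless's empty-doc-values behaviour correctly, abort the whole search rather than yield an empty value. Returning `doc['notificationTime']` like the other fields would make the five script fields consistent.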