bosun config to read a single field (string)
I am unable to read comma separated string field by bosun elastic search operation, however it works fine for numeric field. I want to read a field has comma separated strings, then I want to put it in template subject and notify to slack channel. Below how I read numeric value but same not working string, I want to read a field called "tags" that has comma separated values of string like "test,poc,custa,maria" $q = esstat(esls("metrics-xxx"), "host", esquery("metric", "disk"), "used_percent", "avg", "1m", "7m", "") $val = avg($q) Anyone worked on that?
I'm not sure I'm entirely clear on question. Few things to keep in mind: Elastic monitoring in Bosun is really intended for alerting on Logs, not metrics stored in elastic. You might be able to do it, but not a scenario that has been explored by any of the Bosun authors. Return types in Bosun's expression language or typed, the only type currently returned by elastic queries is a seriesSet (see http://bosun.org/expressions#elastic-query-functions) Are you sure you have a CSV string value, often in elastic you would map that to an array and have the analyzer split on commas. That being said if all you want to do is display it in the template, you can use either .ESQuery or .ESQueryAll to get the raw rows, and you display the .Tag field of some sample rows from your query (or maybe just the first row). See usage of these template functions in the docs.
Elasticsearch startup: not available immediately
Elasticsearch Partial Fields With Inner Hits
ElasticSearch issue when adding new path.data
To copy an index from one machine to another in elasticsearch
Elasticsearch 2.0: how to delete by query in Java
Erroneour match using snowball analyzer
ElasticSearch 2.0 upgrade now can't connect to server
Elasticsearch layered ordering
Elasticsearch significant terms on nested objects
System Configuration for 3 node elasticsearch cluster
Nest - how to write a span near query with multiple clauses?
low disk watermark [??%] exceeded on
Why are shards getting initialized and relocated during bulk insert
Terms Aggregation for nested field in Elastic Search
Why does kibana 3.x not work with elastic search 2.x?
Retrieving top terms query in Elasticsearch