API tools faq
paste
Guest User

Original Failure

a guest
Mar 20th, 2020
910
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.82 KB | None | 0 0
raw download clone embed print report
  1. {
  2. "watch_id": "eve-error-prod",
  3. "node": "VOHGKu7SRzut0oM5dyUNQg",
  4. "state": "executed",
  5. "user": "elastic",
  6. "status": {
  7. "state": {
  8. "active": true,
  9. "timestamp": "2020-03-19T09:08:40.697Z"
  10. },
  11. "last_checked": "2020-03-20T07:01:03.760Z",
  12. "last_met_condition": "2020-03-20T07:01:03.760Z",
  13. "actions": {
  14. "freshdesk_alert": {
  15. "ack": {
  16. "timestamp": "2020-03-19T09:08:40.697Z",
  17. "state": "awaits_successful_execution"
  18. },
  19. "last_execution": {
  20. "timestamp": "2020-03-20T07:01:03.760Z",
  21. "successful": false,
  22. "reason": "received [502] status code"
  23. }
  24. },
  25. "notify-slack": {
  26. "ack": {
  27. "timestamp": "2020-03-20T07:01:03.760Z",
  28. "state": "ackable"
  29. },
  30. "last_execution": {
  31. "timestamp": "2020-03-20T07:01:03.760Z",
  32. "successful": true
  33. },
  34. "last_successful_execution": {
  35. "timestamp": "2020-03-20T07:01:03.760Z",
  36. "successful": true
  37. }
  38. },
  39. "email_administrator": {
  40. "ack": {
  41. "timestamp": "2020-03-20T07:01:03.760Z",
  42. "state": "ackable"
  43. },
  44. "last_execution": {
  45. "timestamp": "2020-03-20T07:01:03.760Z",
  46. "successful": true
  47. },
  48. "last_successful_execution": {
  49. "timestamp": "2020-03-20T07:01:03.760Z",
  50. "successful": true
  51. }
  52. }
  53. },
  54. "execution_state": "executed",
  55. "version": -1
  56. },
  57. "trigger_event": {
  58. "type": "schedule",
  59. "triggered_time": "2020-03-20T07:01:03.760Z",
  60. "schedule": {
  61. "scheduled_time": "2020-03-20T07:01:03.401Z"
  62. }
  63. },
  64. "input": {
  65. "search": {
  66. "request": {
  67. "search_type": "query_then_fetch",
  68. "indices": [
  69. "eve-*"
  70. ],
  71. "rest_total_hits_as_int": true,
  72. "body": {
  73. "query": {
  74. "bool": {
  75. "must": [
  76. {
  77. "match": {
  78. "log_level": "[error]"
  79. }
  80. },
  81. {
  82. "match": {
  83. "fields.environment_type": "production"
  84. }
  85. },
  86. {
  87. "range": {
  88. "@timestamp": {
  89. "gte": "now-1m"
  90. }
  91. }
  92. }
  93. ]
  94. }
  95. }
  96. }
  97. }
  98. }
  99. },
  100. "condition": {
  101. "compare": {
  102. "ctx.payload.hits.total": {
  103. "gt": 0
  104. }
  105. }
  106. },
  107. "result": {
  108. "execution_time": "2020-03-20T07:01:03.760Z",
  109. "execution_duration": 2681,
  110. "input": {
  111. "type": "search",
  112. "status": "success",
  113. "payload": {
  114. "_shards": {
  115. "total": 31,
  116. "failed": 0,
  117. "successful": 31,
  118. "skipped": 0
  119. },
  120. "hits": {
  121. "hits": [
  122. {
  123. "_index": "eve-2020.03.19-000038",
  124. "_type": "_doc",
  125. "_source": {
  126. "duration": "0.610",
  127. "input": {
  128. "type": "log"
  129. },
  130. "agent": {
  131. "hostname": "a28-app-1",
  132. "id": "142ac904-9bab-4b61-8722-8dc9af43445a",
  133. "type": "filebeat",
  134. "ephemeral_id": "3c86989c-a1dd-4823-98fa-4c092281d63f",
  135. "version": "7.6.0"
  136. },
  137. "@timestamp": "2020-03-20T07:00:08.079Z",
  138. "ecs": {
  139. "version": "1.4.0"
  140. },
  141. "log": {
  142. "file": {
  143. "path": "/var/log/eve/console.log"
  144. },
  145. "offset": 0
  146. },
  147. "@version": "1",
  148. "log_level": "[error]",
  149. "host": {
  150. "name": "a28-app-1"
  151. },
  152. "message": "{{REMOVED}}",
  153. "fields": {
  154. "log_type": "eve.console",
  155. "environment": "A28",
  156. "alert_email": "devops",
  157. "environment_type": "production"
  158. },
  159. "tags": [
  160. "eve",
  161. "beats_input_codec_plain_applied"
  162. ]
  163. },
  164. "_id": "JMa99nABmhy27pMs9EAm",
  165. "_score": 4.6705303
  166. }
  167. ],
  168. "total": 1,
  169. "max_score": 4.6705303
  170. },
  171. "took": 1477,
  172. "timed_out": false
  173. },
  174. "search": {
  175. "request": {
  176. "search_type": "query_then_fetch",
  177. "indices": [
  178. "eve-*"
  179. ],
  180. "rest_total_hits_as_int": true,
  181. "body": {
  182. "query": {
  183. "bool": {
  184. "must": [
  185. {
  186. "match": {
  187. "log_level": "[error]"
  188. }
  189. },
  190. {
  191. "match": {
  192. "fields.environment_type": "production"
  193. }
  194. },
  195. {
  196. "range": {
  197. "@timestamp": {
  198. "gte": "now-1m"
  199. }
  200. }
  201. }
  202. ]
  203. }
  204. }
  205. }
  206. }
  207. }
  208. },
  209. "condition": {
  210. "type": "compare",
  211. "status": "success",
  212. "met": true,
  213. "compare": {
  214. "resolved_values": {
  215. "ctx.payload.hits.total": 1
  216. }
  217. }
  218. },
  219. "actions": [
  220. {
  221. "id": "freshdesk_alert",
  222. "type": "webhook",
  223. "status": "failure",
  224. "reason": "received [502] status code",
  225. "webhook": {
  226. "request": {
  227. "host": "{{REMOVED}}.freshdesk.com",
  228. "port": 443,
  229. "scheme": "https",
  230. "method": "post",
  231. "path": "/api/v2/tickets",
  232. "headers": {
  233. "Content-Type": "application/json"
  234. },
  235. "auth": {
  236. "basic": {
  237. "username": "::es_redacted::",
  238. "password": "::es_redacted::"
  239. }
  240. },
  241. "body": "{{REMOVED}}"
  242. },
  243. "response": {
  244. "status": 502,
  245. "headers": {
  246. "date": [
  247. "Fri, 20 Mar 2020 07:01:06 GMT"
  248. ],
  249. "content-length": [
  250. "54"
  251. ],
  252. "x-ratelimit-total": [
  253. "5000"
  254. ],
  255. "connection": [
  256. "keep-alive"
  257. ],
  258. "content-type": [
  259. "text/html; charset=UTF-8"
  260. ],
  261. "cache-control": [
  262. "no-cache, no-store, must-revalidate"
  263. ],
  264. "x-ratelimit-remaining": [
  265. "4999"
  266. ],
  267. "x-ratelimit-used-currentrequest": [
  268. "1"
  269. ],
  270. "status": [
  271. "502 Bad Gateway"
  272. ],
  273. "x-fw-ratelimiting-managed": [
  274. "true"
  275. ]
  276. },
  277. "body": "<h2>Incomplete response received from application</h2>"
  278. }
  279. }
  280. },
  281. {
  282. "id": "notify-slack",
  283. "type": "slack",
  284. "status": "success",
  285. "slack": {
  286. "account": "monitoring",
  287. "sent_messages": [
  288. {
  289. "status": "success",
  290. "to": "#devops-alerts",
  291. "message": {
  292. "from": "Elasticsearch - Watcher",
  293. "attachments": [
  294. {
  295. "color": "danger",
  296. "title": "Detected an error in the Eve console",
  297. "text": "{{REMOVED}}"
  298. }
  299. ]
  300. }
  301. }
  302. ]
  303. }
  304. },
  305. {
  306. "id": "email_administrator",
  307. "type": "email",
  308. "status": "success",
  309. "email": {
  310. "account": "work",
  311. "message": {
  312. "id": "email_administrator_eve-error-prod_c5847df7-d090-497a-8401-7a678bcb8fd2-2020-03-20T07:01:03.760691Z",
  313. "from": "Watcher Alert <[email protected]>",
  314. "sent_date": "2020-03-20T07:01:05.253232Z",
  315. "to": [
  316. "[email protected]"
  317. ],
  318. "subject": "Detected an error in the Eve console for the [A28] Environment",
  319. "body": {
  320. "text": "{{REMOVED}}"
  321. }
  322. }
  323. }
  324. }
  325. ]
  326. },
  327. "messages": []
  328. }
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!