Dandy
March 19, 2020, 6:04am
1
This is a bit of a weird one, if I pass through an alert with aggregations during the Define Monitor section of creating a monitor, I get the following behaviour:
```json
"must": [
  {
    "range": {
      "@timestamp": {
        "format": "strict_date_optional_time",
        "gte": "2020-03-18T23:54:53.351Z",
        "lte": "2020-03-19T05:54:53.351Z"
      }
    }
  }
]
```
It works fine without issue and returns results. If I do the same query, with the interval set as a 6 hour period, with the following:
```json
"must": [
  {
    "range": {
      "@timestamp": {
        "format": "strict_date_optional_time",
        "gte": "{{period_start}}",
        "lte": "{{period_end}}"
      }
    }
  }
],
```
I get a response back from the API stating:
```json
{"ok":true,"resp":{"monitor_name":"TEMP_MONITOR","period_start":1584576246230,"period_end":1584597846230,"error":null,"input_results":{"results":[],"error":"all shards failed"},"trigger_results":{}}}
```
Anyone else ever experienced this?
Dandy
March 19, 2020, 6:21am
2
Looks like the period_start and period_end dates are crazy out of whack for some reason.
For anyone else running into this issue:
opened 07:09AM - 19 Mar 20 UTC
closed 04:40AM - 30 Mar 20 UTC
bug
**Describe the bug**
This may be user error, but this has worked for me in the … past.
When creating a monitor in 1.2.0 I am trying to preview the results by clicking "Run", but the executed search term returns the following:
```json
{"ok":true,"resp":{"monitor_name":"Disk Checks","period_start":1584582619372,"period_end":1584600619372,"error":null,"input_results":{"results":[],"error":"all shards failed"},"trigger_results":{}}}
```
If you look at the epoch in the start and end date for this, they are off by a significant margin:
```
dandy@DESKTOP:~$ date -d @1584582619372
Wed Jun 4 23:42:52 JST 52183
dandy@DESKTOP:~$ date -d @1584600619372
Tue Dec 30 07:42:52 JST 52183
```
These are the query conditions:
```json
"query": {
  "bool": {
    "must": [
      {
        "range": {
          "@timestamp": {
            "from": "{{period_start}}",
            "to": "{{period_end}}",
            "include_lower": true,
            "include_upper": true,
            "format": "strict_date_optional_time",
            "boost": 1
          }
        }
      }
    ],
    "filter": [
      {
        "bool": {
          "should": [
            {
              "match_phrase": {
                "msg": {
                  "query": "error",
                  "slop": 0,
                  "zero_terms_query": "NONE",
                  "boost": 1
                }
              }
            }
          ],
          "adjust_pure_negative": true,
          "minimum_should_match": "1",
          "boost": 1
        }
      }
    ],
    "adjust_pure_negative": true,
    "boost": 1
  }
},
```
I can't figure out why this is happening but it seems to be consistent even after saving.
**Other plugins installed**
Every plugin that comes with Opendistro ES.
**To Reproduce**
Steps to reproduce the behavior:
1. Go to 'Alerting'
2. Create a new Monitor
3. Enter an interval and extraction query
4. Enter a valid query that should return results, with the variables {{period_blah}} in the range
5. Hit run
**Expected behavior**
I'd expect the correct results and correct times to be passed into the query.
**Desktop (please complete the following information):**
- OS: Windows 10 / Ubuntu 18
- Browser [e.g. chrome, safari]: I've recreated this on the latest Chrome and Firefox
1 Like
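Added example, not from the posts or from the Alerting plugin: it decodes the `period_start` and `period_end` values in the two preview responses above on the assumption that they are epoch milliseconds, and checks the substituted value against the format the range clause declares. The function names are hypothetical and the regex only approximates `strict_date_optional_time`.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Preview responses copied from the two posts above, trimmed to the fields used here.
RESPONSES = [
    '{"monitor_name":"TEMP_MONITOR","period_start":1584576246230,"period_end":1584597846230}',
    '{"monitor_name":"Disk Checks","period_start":1584582619372,"period_end":1584600619372}',
]

# Assumption: rough approximation of what "strict_date_optional_time" accepts,
# i.e. a 4-digit year followed by optional -MM, -DD, THH:mm:ss(.SSS) and a zone.
STRICT_ISO = re.compile(
    r"^\d{4}(-\d{2}(-\d{2}(T\d{2}(:\d{2}(:\d{2}([.,]\d+)?)?)?(Z|[+-]\d{2}(:?\d{2})?)?)?)?)?$"
)
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def from_millis(ms):
    """Interpret an integer as milliseconds since the Unix epoch (UTC)."""
    return EPOCH + timedelta(milliseconds=ms)

def iso(dt):
    """Render a datetime as an ISO 8601 UTC string with millisecond precision."""
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def analyse(raw):
    resp = json.loads(raw)
    start, end = resp["period_start"], resp["period_end"]
    return {
        "monitor": resp["monitor_name"],
        "start_utc": iso(from_millis(start)),
        "end_utc": iso(from_millis(end)),
        "period_hours": (end - start) / 3_600_000,
        # The string the range clause receives once {{period_start}} is substituted.
        "rendered_matches_strict_iso": bool(STRICT_ISO.match(str(start))),
        # The same instant written as an ISO string, for comparison.
        "iso_matches_strict_iso": bool(STRICT_ISO.match(iso(from_millis(start)))),
        # Approximate year a seconds-based tool such as `date -d @N` lands in.
        "year_if_read_as_seconds": 1970 + start // 31_556_952,
    }

if __name__ == "__main__":
    for raw in RESPONSES:
        print(json.dumps(analyse(raw), indent=2))
```

Read as milliseconds, the first response covers a 6-hour window ending at 06:04 UTC on 19 March 2020. A 13-digit number does not fit the `strict_date_optional_time` pattern; Elasticsearch's `epoch_millis` date format is the one defined for values of that shape.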