Alert and trigger

Hi all,

I created a query where I get for each host the number of documents (doc_count).
The response I get is clearly related only to those hosts that are up but not to those that are down.
I should create a trigger that checks the status of all hosts and if it results in one or more down hosts it should indicate which host is down and send an alert via SNS.
How do I create the trigger condition? Thanks in advance for any help you can give me.

{
    "_shards": {
        "total": 10,
        "failed": 0,
        "successful": 10,
        "skipped": 0
    },
    "hits": {
        "hits": [],
        "total": {
            "value": 10000,
            "relation": "gte"
        },
        "max_score": null
    },
    "took": 257,
    "timed_out": false,
    "aggregations": {
        "agg2": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 52236,
            "buckets": [
                {
                    "doc_count": 17423,
                    "key": "host1"
                },
                {
                    "doc_count": 17422,
                    "key": "host2"
                },
                {
                    "doc_count": 17422,
                    "key": "cloud-log-system-fwd-dev01"
                },
                {
                    "doc_count": 17417,
                    "key": "host3"
                },
                {
                    "doc_count": 17416,
                    "key": "host4"
                }
            ]
        }
    }
}
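
An added example (not part of the original post) of the check being asked for: the aggregation returns buckets only for hosts that produced documents, so a down host has to be found by comparing the buckets against a list of expected hosts. `EXPECTED_HOSTS`, the function names and the trimmed sample response are assumptions constructed for illustration; the code also flags a non-zero `sum_other_doc_count`, as in the response above, because a truncated bucket list can make an up host look absent.

```python
import json

# Constructed sample: a trimmed response in the same shape as the one posted,
# with host3 absent to stand in for a host that stopped sending documents.
SAMPLE_RESPONSE = json.loads("""
{
  "aggregations": {
    "agg2": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {"doc_count": 17423, "key": "host1"},
        {"doc_count": 17422, "key": "host2"},
        {"doc_count": 17416, "key": "host4"}
      ]
    }
  }
}
""")

# Assumption: the inventory of hosts that should be reporting is maintained
# outside the query; the response alone cannot name a host it never saw.
EXPECTED_HOSTS = ["host1", "host2", "host3", "host4"]


def check_hosts(response, expected, agg_name="agg2", min_docs=1):
    """Return (down_hosts, truncated) for one terms-aggregation response."""
    agg = response["aggregations"][agg_name]
    counts = {b["key"]: b["doc_count"] for b in agg["buckets"]}
    down = sorted(h for h in expected if counts.get(h, 0) < min_docs)
    # A non-zero sum_other_doc_count means documents fell outside the returned
    # buckets, so a host missing from the list may still be up.
    truncated = agg.get("sum_other_doc_count", 0) > 0
    return down, truncated


def alert_message(response, expected, **kw):
    """Build the notification text, or None when nothing should be sent."""
    down, truncated = check_hosts(response, expected, **kw)
    if not down:
        return None
    note = " (bucket list truncated; may include false positives)" if truncated else ""
    return "Hosts with no documents in the query window: " + ", ".join(down) + note
```

The same comparison is what a trigger condition has to express: fire when the list of expected hosts minus the bucket keys is non-empty, and put that difference in the notification text.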