ELK – Watcher Commands

GET _watcher/watch/<watch_id>
DELETE _watcher/watch/my-watch
PUT _watcher/watch/my-watch?active=false
PUT _watcher/watch/<watch_id>/_activate
PUT _watcher/watch/<watch_id>/_deactivate
GET _watcher/stats
GET _watcher
PUT _watcher/_stop
PUT _watcher/_start
GET _watcher/stats/queued_watches
GET _watcher/stats/current_watches
GET _watcher/stats?metric=executing_watches
PUT _watcher/watch/my-watch/_ack?master_timeout=30s
DELETE _watcher/watch/my-watch?master_timeout=30s
 
PUT _watcher/watch/my-watch/my-action/_ack
 
PUT _watcher/watch/my-watch/_ack
PUT _watcher/watch/my-watch/action1,action2/_ack
 

Logstash expression

if EXPRESSION {

} else if EXPRESSION {

} else {

}

EXPRESSION is a comparison test, boolean logic, and so on.

Comparison operators:
equality: ==, !=, <, >, <=, >=
regexp: =~, !~ (checks a pattern on the right against a string value on the left)
inclusion: in, not in

boolean operators:
and, or, nand, xor

unary operator:
!

group with parentheses (…)

Check whether "value" is in "tags":

if "value" in [tags] {
}

Check String Field:

if [myFieldName] =~ /.+/ {
# exists (and holds at least one character)
}

if [myFieldName] !~ /.+/ {
# doesn't exist (or is an empty string)
}

Check Number Field:

if [myFieldName] {
# exists (and is not false or null)
}
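
A fuller pipeline that combines the conditionals above, as an added example that is not from the original page. The field names (user, message, src_ip, status), the tag names and the sample addresses are assumptions chosen for illustration.

```logstash
# Added example. Field names, tags and addresses are assumptions.
# Constructed sample event to paste on stdin (one JSON object per line):
# {"message":"Failed password for root","user":"root","src_ip":"203.0.113.9","status":503}
input { stdin { codec => json_lines } }

filter {
  # String check: =~ /.+/ needs at least one character, so a missing
  # field and an empty string both take the else branch.
  if [user] =~ /.+/ {
    mutate { add_tag => ["has_user"] }
  } else {
    mutate { add_tag => ["no_user"] }
  }

  # Regexp and inclusion tests combined, grouped with parentheses.
  if [message] =~ /Failed password/ and ([src_ip] not in ["10.0.0.5", "10.0.0.6"]) {
    mutate { add_tag => ["auth_failure"] }
  }

  # Existence check first, numeric comparison nested inside it, so an
  # event without [status] is never compared against a number.
  # Assumes [status] is already a number, not a string.
  if [status] {
    if [status] >= 500 {
      mutate { add_tag => ["server_error"] }
    } else if [status] >= 400 {
      mutate { add_tag => ["client_error"] }
    }
  }

  # "value" in [tags]: act on tags set earlier in the same pipeline.
  if "auth_failure" in [tags] and "has_user" in [tags] {
    mutate { add_field => { "alert" => "failed login for %{user}" } }
  } else if "no_user" in [tags] and "auth_failure" not in [tags] {
    # Events with neither a user nor an auth failure are discarded.
    drop { }
  }
}

output { stdout { codec => rubydebug } }
```

Save it to a file and start it with bin/logstash -f, then paste the sample event to see which tags each branch adds.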