I want to set watcher send mail to if usage of CPU in last X minutes over N%.
First elasticsearch get data from remote server through metricbeat on each minutes. Then i want to by using that data inform administrator off high CPU usage on remote sever.
I setup mail and i finish part if Memory usage is high, but problem is with CPU usage, is 4core processor. I don't to write aggs function and condition. I try something with code from github but i can't change function to work with metricbeat.
this worked for me. It sends mails whenever a host informs 5 hits (> 95% CPU) in a minute:
{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"metricbeat-*"
],
"types": [],
"body": {
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"gte": "now-{{ctx.metadata.window_period}}"
}
}
},
{
"range": {
"system.process.cpu.total.pct": {
"gte": "{{ctx.metadata.threshold}}"
}
}
}
]
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gte": 5
}
}
},
"actions": {
"email_me": {
"throttle_period_in_millis": 300000,
"email": {
"profile": "standard",
"attachments": {
"datalles.json": {
"data": {
"format": "json"
}
}
},
"from": "xxxx@gmail.com",
"to": [
"yyyy@gmail.com"
],
"subject": " CPU overhead",
"body": {
"html": "The following hosts are running over {{ctx.metadata.threshold}}% CPU: <br><br>{{#ctx.payload.hits.hits}} <b>{{_source.beat.hostname}}</b> ({{_source.system.process.cpu.total.pct}}%) <br> {{/ctx.payload.hits.hits}}"
}
}
}
},
"metadata": {
"window_period": "1m",
"threshold": 0.95
}
}
