/
elk-client.rb
executable file
·45 lines (37 loc) · 991 Bytes
/
elk-client.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
#!/usr/bin/env ruby
require 'net/http'
require 'json'
@host = "es-host.com"
@port = 9200
@container = "app-name"
@ttl = "60m"
@post_ws = "/logstash-2015.10.10/log-type/_search"
@query = <<-EOS
{
"filter" : {
"and" : [
{ "term" : { "app_id.raw" : "#{@container}" } },
{ "or" : [
{ "term" : { "level.raw" : "ERROR" } },
{ "term" : { "level.raw" : "WARN" } }
]},
{"range" : { "@timestamp" : { "gte": "now-#{@ttl}" } } }
]
}
},
"sort" : [ {
"@timestamp" : {
"order" : "desc"
}
} ],
"size" : 1
}
EOS
puts @query
req = Net::HTTP::Post.new(@post_ws, initheader = {'Content-Type' =>'application/json'})
req.body = @query
response = Net::HTTP.new(@host, @port).start {|http| http.request(req) }
hits = JSON.parse(response.body)['hits']
error = hits['hits'][0]
puts error['_source']['logger_name']
puts error['_source']['message']