docs/user/integration/sap-cloud-logging/alert-access-log-ingestion.json

{
    "name": "Kyma access log ingestion",
    "type": "monitor",
    "monitor_type": "query_level_monitor",
    "enabled": true,
    "schedule": {
       "period": {
          "unit": "MINUTES",
          "interval": 1
       }
    },
    "inputs": [
       {
          "search": {
             "indices": [
                "logs-json-istio-envoy-kyma-*"
             ],
             "query": {
                "size": 0,
                "aggregations": {},
                "query": {
                   "bool": {
                      "filter": [
                         {
                            "range": {
                               "@timestamp": {
                                  "gte": "{{period_end}}||-5m",
                                  "lte": "{{period_end}}",
                                  "format": "epoch_millis"
                               }
                            }
                         }
                      ]
                   }
                }
             }
          }
       }
    ],
    "triggers": [
       {
          "query_level_trigger": {
             "id": "7o90X4UBxib8bUp3mEDF",
             "name": "No access log ingestion",
             "severity": "2",
             "condition": {
                "script": {
                   "source": "ctx.results[0].hits.total.value < 1",
                   "lang": "painless"
                }
             },
             "actions": [
                {
                   "id": "7490X4UBxib8bUp3mEDF",
                   "name": "Notify",
                   "destination_id": "",
                   "message_template": {
                      "source": "Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue.\n  - Trigger: {{ctx.trigger.name}}\n  - Severity: {{ctx.trigger.severity}}\n  - Period start: {{ctx.periodStart}}\n  - Period end: {{ctx.periodEnd}}\n  - <link to your instance>/app/alerting",
                      "lang": "mustache"
                   },
                   "throttle_enabled": true,
                   "subject_template": {
                      "source": "No access logs from a Kyma runtime ingested since 5 min",
                      "lang": "mustache"
                   },
                   "throttle": {
                      "value": 60,
                      "unit": "MINUTES"
                   }
                }
             ]
          }
       }
    ],
    "ui_metadata": {
       "schedule": {
          "timezone": null,
          "frequency": "interval",
          "period": {
             "unit": "MINUTES",
             "interval": 1
          },
          "daily": 0,
          "weekly": {
             "tue": false,
             "wed": false,
             "thur": false,
             "sat": false,
             "fri": false,
             "mon": false,
             "sun": false
          },
          "monthly": {
             "type": "day",
             "day": 1
          },
          "cronExpression": "0 */1 * * *"
       },
       "search": {
          "searchType": "graph",
          "timeField": "@timestamp",
          "aggregations": [],
          "groupBy": [],
          "bucketValue": 5,
          "bucketUnitOfTime": "m",
          "where": {
             "fieldName": [],
             "fieldRangeEnd": 0,
             "fieldRangeStart": 0,
             "fieldValue": "",
             "operator": "is"
          }
       },
       "monitor_type": "query_level_monitor"
    }
 }