Elasticsearch integration for the alert

Questions
1

Hi Team,
I am new to n8n . I have created the work flow and alarm to get an email for missing hosts.

Below is the flow which I made. Please correct me / help me on the issue.

image
image1812×610 41.5 KB

I have attached the screenshot related to it.

I would like to create the n8n work flow where

  1. scheduler I would like to add the trigger and check every day in the morning.
  2. Get the list of hosts from last 1 year from the index , I have used the http request to get it.
    {
    “aggregations”: {
    “hosts”: {
    “composite”: {
    “sources”: [
    {
    “hostname”: {
    “terms”: {
    “field”: “host.name”
    }
    }
    }
    ]
    }
    }
    },
    “size”: 0
    }

Please correct me I am taking right aggregation or not .

  1. Taking the index and pushing into item-lists. to get the indices
  2. Split them and store them with the doc count
  3. Created one http-request so It will get the list of indices which are available in last 24hrs .So I can compare using merge to check the indices between the last 1 year and last 24 hrs indices are having some count and getting the traffic from the data-source towards Elasticsearch.
  4. If any indices are missing then send the email notification to respective person saying that we are not receiving the traffic from this particular host .

Please help me on this work flow

Thanks

2

Hi @DilipChiru, welcome to the community!

Please correct me I am taking right aggregation or not .

It seems this question is about requesting the correct aggregation from Elasticsearch. This isn’t so much an n8n question but more of an Elasticsearch question (which would also require knowledge about your data structure to answer), so perhaps you might want to ask in an Elasticsearch community about this?

  1. Taking the index and pushing into item-lists. to get the indices
  2. Split them and store them with the doc count
  3. Created one http-request so It will get the list of indices which are available in last 24hrs .So I can compare using merge to check the indices between the last 1 year and last 24 hrs indices are having some count and getting the traffic from the data-source towards Elasticsearch.
  4. If any indices are missing then send the email notification to respective person saying that we are not receiving the traffic from this particular host .

Please help me on this work flow

Sure, happy to help. Where exactly are you struggling right now (apart from the aggregation)?

1 Like