Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Create EventBridge rules based on embedded matching Arrays

0

I'm trying to create EventBridge rules to make real-time alerts based on data from the Greengrass Telemetry Emitter Component. I have created IoT rules to adjust the message to an object with fields for Eventbridge to match on, but I'm not sure how to create a rule to match on part of the array the Component sends. Below is the event after the IoT rules I've created, I'm attempting to alert on the "NumberOfComponentsBroken" and "NumberOfComponentsErrored" objects in the array.

{
  "$unknown": [
    {
      "NS": "SystemMetrics",
      "N": "CpuUsage",
      "U": "Percent",
      "A": "Average",
      "V": 1.3268520643398076,
      "TS": 1772572459659
    },
    {
      "NS": "SystemMetrics",
      "N": "TotalNumberOfFDs",
      "U": "Count",
      "A": "Count",
      "V": 10432,
      "TS": 1772572459659
    },
    {
      "NS": "SystemMetrics",
      "N": "SystemMemUsage",
      "U": "Megabytes",
      "A": "Count",
      "V": 4146,
      "TS": 1772572459659
    },
    {
      "NS": "GreengrassComponents",
      "N": "NumberOfComponentsStarting",
      "U": "Count",
      "A": "Count",
      "V": 0,
      "TS": 1772572459659
    },
    {
      "NS": "GreengrassComponents",
      "N": "NumberOfComponentsInstalled",
      "U": "Count",
      "A": "Count",
      "V": 0,
      "TS": 1772572459659
    },
    {
      "NS": "GreengrassComponents",
      "N": "NumberOfComponentsStateless",
      "U": "Count",
      "A": "Count",
      "V": 0,
      "TS": 1772572459659
    },
    {
      "NS": "GreengrassComponents",
      "N": "NumberOfComponentsStopping",
      "U": "Count",
      "A": "Count",
      "V": 0,
      "TS": 1772572459659
    },
    {
      "NS": "GreengrassComponents",
      "N": "NumberOfComponentsBroken",
      "U": "Count",
      "A": "Count",
      "V": 0,
      "TS": 1772572459659
    },
    {
      "NS": "GreengrassComponents",
      "N": "NumberOfComponentsRunning",
      "U": "Count",
      "A": "Count",
      "V": 12,
      "TS": 1772572459659
    },
    {
      "NS": "GreengrassComponents",
      "N": "NumberOfComponentsErrored",
      "U": "Count",
      "A": "Count",
      "V": 0,
      "TS": 1772572459659
    },
    {
      "NS": "GreengrassComponents",
      "N": "NumberOfComponentsNew",
      "U": "Count",
      "A": "Count",
      "V": 0,
      "TS": 1772572459659
    },
    {
      "NS": "GreengrassComponents",
      "N": "NumberOfComponentsFinished",
      "U": "Count",
      "A": "Count",
      "V": 4,
      "TS": 1772572459659
    }
  ],
  "thingName": [
    "sightio-tdcoffice"
  ],
  "detailtype": [
    "Telemetry"
  ],
  "source": [
    "greengrass.telemetry"
  ]
}

I'm open to creating CloudWatch alerts/alarms instead of EventBridge if needed.

Topics
Application IntegrationServerlessManagement & GovernanceInternet of Things (IoT)
Tags
Amazon CloudWatch AlarmsAWS IoT CoreAmazon EventBridge
Language
English
asked 13 days ago48 views
2 Answers
0

To create EventBridge rules that match on specific elements within your array, you'll need to understand how EventBridge handles array matching. When an event pattern field contains an array, EventBridge matches the event if the intersection of the pattern array and the event array is non-empty - meaning if any value in your pattern array matches any value in the event array.

However, your current event structure presents a challenge. The array is under a field called "$unknown" and contains objects with multiple properties (NS, N, U, A, V, TS). EventBridge's array matching works best when you're matching on simple values or when the array elements themselves are the values you want to match.

For your use case, I'd recommend restructuring your event data before it reaches EventBridge. Instead of having all metrics in a single array under "$unknown", consider transforming the event in your IoT rule to create separate top-level fields for the metrics you care about. For example:

{
"NumberOfComponentsBroken": 0,
"NumberOfComponentsErrored": 0,
"thingName": "sightio-tdcoffice",
"detailtype": "Telemetry",
"source": "greengrass.telemetry"
}

With this structure, you can create an EventBridge rule with an event pattern like:

{
"source": ["greengrass.telemetry"],
"detail": {
"NumberOfComponentsBroken": [{"numeric": [">", 0]}]
}
}

This would trigger whenever NumberOfComponentsBroken is greater than 0. You can use comparison operators like "numeric" with conditions such as ">", ">=", "<", "<=", or "=" to match on specific value ranges.

Alternatively, if you prefer to use CloudWatch for this monitoring, you could send these metrics directly to CloudWatch Metrics and create CloudWatch Alarms based on threshold values, which might be more straightforward for numeric monitoring scenarios like component health status.
Sources
Matching on multiple values for an event field in Amazon EventBridge - Amazon EventBridge
Creating rules in Amazon EventBridge - Amazon EventBridge

answered 13 days ago
EXPERT
reviewed 12 days ago
0

I'm open to restructuring the object, but I am trying to avoid creating another component to run on the device. Is there a way to restructure this data through more IoT rules?

answered 13 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content