Accessing .watcher-history index in Canvas?

VishalBhalla · February 1, 2021, 10:54am

Hello, I can't seem to access the .watcher-history index from within Canvas.

Trying to use an ESSQL query such as:

SELECT "result.input.payload.alert.hits.hits"
FROM ".watcher-history"
LIMIT 99

Just results in the error:

Whoops! Expression failed
Expression failed with the message:
 
[essql] > Unexpected error from Elasticsearch: [verification_exception] Found 1 problem line 3:6: Unknown index [.watcher-history]

I know I can access this data via a Visualisation, but I'd prefer to do this in Canvas. Is this possible?

Thanks.

azasypkin · February 1, 2021, 12:24pm

I don't think there is an index with such name. I know Watcher indices always have a date/version postfix, like this .watcher-history-7-2018.03.24. Have you tried FROM ".watcher-history*" instead (quotes are important)?

Best,
Oleg

VishalBhalla · February 1, 2021, 1:56pm

Yup, that was it! Doh! So ended up with:

SELECT watch_id

FROM ".watcher-history*"

GROUP BY watch_id

Thanks!

system · March 1, 2021, 1:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.