Alert configuration using watcher

Elastic Stack Elasticsearch
1

Hi, we have Version: 6.5.4 running, we would like to configure alerts using "watcher" based on the events that we are getting on the logs.

We have several Fields on the CLS and we would like to trigger an alert when I see the message "Crashed" on the "_source" field.

{
"trigger": {
"schedule": {
"interval": "5m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"logs-pcf-firehose-"
],
"types": [],
"body": {
"query": {
"bool": {
"must": [
{
"match": {
"clsapplication": ""
}
}
]
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"actions": {
"email_admin": {
"email": {
"profile": "standard",
"to": [
"test@email.com"
],
"subject": "Test Alert"
}
}
}
}

could you please provide us the code to configure it.

Thanks,
Dhana

2

We have the "Crashed" message part of the msg filed on the cls,

example-
aused by: java.sql.SQLException: ORA-01652: unable to extend Crashed temp segment by 128 in tablespace

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.