Alert that responds to result of webhook

I would like to be able to write an alert (watch) that executes a webhook on a schedule like every hour and sends a notification email if error http statuses occur. Is this supported, or do I have to have one watch to run the scheduled webhook and another watch to monitor the first watch's results?

This is a common use-case. Your watch would look like this

  1. Input: The input would be a search over the data from the last hour, that would be filtered based on the error condition (i.e. status code greater than equals 400 or 500 for example)
  2. Condition: Your condition would check if the number of hits returned by that search is greater than zero
  3. Action: Your action would be the sending of the email

Hope this helps!

--Alex

This helps. I have made some progress. I have this watch that uses a chained input to get the results of a http input but I'm unable to access the result in the condition script which doesn't work. I'd like to be able to get the http status_code and the input.status in case the http call completely fails

{
"trigger": {
"schedule": {
"hourly": {
"minute": [ 5 ]
}
}
},
"input": {
"chain": {
"inputs": [
{
"jira_http": {
"http": {
"request": {
"scheme": "https",
"host": "jira.mydomain.com",
"port": 443,
"method": "get",
"path": "/rest/api/2/issue/createmeta?projectKeys=MY-KEY",
"params": {},
"headers": {
"Authorization": "Basic {{ctx.metadata.JIRA_Authorization}}"
}
}
}
}
}
]
}
},
"condition": {
"script": {
"source": "return ctx.payload.jira_http.status != "success" || ctx.payload.jira_http._status_code != 200",
"lang": "painless"
}
},
"actions": {
"email_report": {
"email": {
"profile": "standard",
"to": [
"me@myemail.com"
],
"subject": "{{ctx.metadata.email_subject}}",
"body": {
"html": "

{{ctx.metadata.email_body_header}}

ctx.payload.jira_http : [{{ctx.payload.jira_http}}]

Executed watch [{{ctx.watch_id}}] at [{{ctx.execution_time}}].

Do not reply to this email. The sending account is not monitored."
}
}
}
},
"metadata": {
"email_body_header": "ES WATCHER TEST: JIRA connectivity test FAILED TEST Environment",
"JIRA_Authorization": "SECRET",
"email_subject": "ES WATCHER TEST: JIRA connectivity test FAILED TEST Environment"
}
}

When I simulate the watch I get this result

How do I access the field marked with *** in the condition

"result": {
"execution_time": "2019-04-03T21:08:08.986Z",
"execution_duration": 722,
"input": {
"type": "chain",
"status": "success",
"payload": {
"jira_http": {
"_headers": {
"date": [
"Wed, 03 Apr 2019 21:08:08 GMT"
],
"server": [
"Apache"
],
"x-asessionid": [
"k3w8p1"
],
"transfer-encoding": [
"chunked"
],
"vary": [
"Accept-Encoding,User-Agent"
],
"x-frame-options": [
"ALLOWALL",
"SAMEORIGIN"
],
"strict-transport-security": [
"max-age=63072000; includeSubDomains"
],
"set-cookie": [
"JSESSIONID=498D7941D9B863F712644D3D09CAE9F1;path=/;Secure;HttpOnly"
],
"x-seraph-loginreason": [
"OK"
],
"keep-alive": [
"timeout=15, max=1000"
],
"content-security-policy": [
"frame-ancestors *.mydomain.com *.sharepoint.com ;",
"frame-ancestors 'self'"
],
"x-content-type-options": [
"nosniff"
],
"x-xss-protection": [
"1; mode=block"
],
"x-ausername": [
"myfakeusername"
],
"x-arequestid": [
"968x7492054x5"
],
"connection": [
"Keep-Alive"
],
"content-type": [
"application/json;charset=UTF-8"
],
"served-by": [
"epig-01"
],
"cache-control": [
"no-cache, no-store, no-transform,"
],
"x-asen": [
"SEN-L13339226"
]
},
"expand": "projects",
"projects": ,
"_status_code": 200
}
},
"chain": {
"jira_http": {
"type": "http",
"status": "success", ***
"payload": {
"_headers": {
"date": [
"Wed, 03 Apr 2019 21:08:08 GMT"
],
"server": [
"Apache"
],
"x-asessionid": [
"k3w8p1"
],
"transfer-encoding": [
"chunked"
],
"vary": [
"Accept-Encoding,User-Agent"
],
"x-frame-options": [
"ALLOWALL",
"SAMEORIGIN"
],
"strict-transport-security": [
"max-age=63072000; includeSubDomains"
],
"set-cookie": [
"JSESSIONID=498D7941D9B863F712644D3D09CAE9F1;path=/;Secure;HttpOnly"
],
"x-seraph-loginreason": [
"OK"
],
"keep-alive": [
"timeout=15, max=1000"
],
"content-security-policy": [
"frame-ancestors *.mydomain.com *.sharepoint.com ;",
"frame-ancestors 'self'"
],
"x-content-type-options": [
"nosniff"
],
"x-xss-protection": [
"1; mode=block"
],
"x-ausername": [
"myfakeusername"
],
"x-arequestid": [
"968x7492054x5"
],
"connection": [
"Keep-Alive"
],
"content-type": [
"application/json;charset=UTF-8"
],
"served-by": [
"epig-01"
],
"cache-control": [
"no-cache, no-store, no-transform,"
],
"x-asen": [
"SEN-L13339226"
]
},
"expand": "projects",
"projects": ,
"_status_code": 200 ***
},
"http": {
"request": {
"host": "jira.mydomain.com",
"port": 443,
"scheme": "https",
"method": "get",
"path": "/rest/api/2/issue/createmeta?projectKeys=MY-KEY",
"headers": {
"Authorization": "Basic MySecret"
}
},
"status_code": 200
}
}
}
}

please take the time to properly format your messages, this is nearly impossible to read.

You can only access data within the payload field.

The important part is I have a chained http input named jira_http that returns a result that includes a _status_code field. I want the action of my watch to execute if _status_code != 200

"condition": {
"script": {
"source": "return ctx.payload.jira_http._status_code != 200",
"lang": "painless"
}

ctx.payload.jira_http contains the _status_code field as shown, but the syntax for accessing it in the condition script isn't working.

[{_headers={date=[Wed, 03 Apr 2019 21:42:06 GMT], ..... _status_code=200}]

that field is within the ._headers field, which you are not referring to in the script

This condition worked. It does not seem possible to access the chained input's status field.

"condition": { "compare": { "ctx.payload.jira_http._status_code": { "not_eq": 200 } } }

both of these work for me. do they fail on your side?

POST _xpack/watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "10h"
      }
    },
    "input": {
      "chain": {
        "inputs": [
          {
            "first": {
              "http": {
                "request": {
                  "url" : "https://httpbin.org/status/233"
                }
              }
            }
          }
        ]
      }
    },
    "condition": {
      "script": "return ctx.payload.first._status_code == 233"
    },
    "actions": {
      "logme": {
        "logging": {
          "text": "{{ctx}}"
        }
      }
    }
  }
}


POST _xpack/watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "10h"
      }
    },
    "input": {
      "chain": {
        "inputs": [
          {
            "first": {
              "http": {
                "request": {
                  "url": "https://httpbin.org/status/233"
                }
              }
            }
          }
        ]
      }
    },
    "condition": {
      "compare": {
        "ctx.payload.first._status_code": {
          "eq": 233
        }
      }
    },
    "actions": {
      "logme": {
        "logging": {
          "text": "{{ctx}}"
        }
      }
    }
  }
}

Yes it works on my end -- You essentially posted the same thing as my last post.
The value I was attempting to access is the result.success field from the watch result below. Since this value is at the same level as payload instead of inside it I now understand it is not available. The payload.{input_name}._status_code condition test will be sufficient.

"result": { "execution_time": "2019-04-03T21:08:08.986Z", "execution_duration": 722, "input": { "type": "chain", "status": "success", "payload": {....}

Thank you for responding

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.