I have a question about Watcher functionality. My index contains fields named type and subtype. We have around 300 different types, each having around 10 subtypes. Each event that comes to Elastic contains both of those fields. We would like to set up a watcher which will check every 5 minutes whether any combination of type/subtype exceeds a document count of 10. If that's the case, it will send an email notification containing the type and subtype information along with the number of documents. If possible, it should contain those documents in the email body, or at least several fields from those documents.
Is the above possible? If so, is it complicated to define such a Watcher?
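The watch described in the question, written out as an added example (not code from the original post). It assumes an index pattern of events-*, keyword fields type and subtype, a date field @timestamp, sample fields host and message, and a recipient of ops@example.com; every one of those names is an assumption and should be replaced. It is stored with PUT _watcher/watch/type_subtype_threshold. The search input groups the last 5 minutes of events with a terms aggregation on type and a nested terms aggregation on subtype; a bucket_selector under the subtype aggregation drops every type/subtype bucket with a document count of 10 or less, and a top_hits aggregation keeps three sample documents per surviving bucket. The condition fires only if at least one bucket survived, a transform flattens the surviving buckets into a list the email template can iterate over, and the email action renders that list with Mustache.

```json
{
  "trigger": {
    "schedule": { "interval": "5m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["events-*"],
        "body": {
          "size": 0,
          "query": {
            "range": { "@timestamp": { "gte": "now-5m", "lt": "now" } }
          },
          "aggs": {
            "by_type": {
              "terms": { "field": "type", "size": 300 },
              "aggs": {
                "by_subtype": {
                  "terms": { "field": "subtype", "size": 20 },
                  "aggs": {
                    "samples": {
                      "top_hits": { "size": 3, "_source": ["host", "message"] }
                    },
                    "over_threshold": {
                      "bucket_selector": {
                        "buckets_path": { "count": "_count" },
                        "script": { "source": "params.count > 10" }
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "for (def t : ctx.payload.aggregations.by_type.buckets) { if (t.by_subtype.buckets.size() > 0) { return true; } } return false;"
    }
  },
  "transform": {
    "script": {
      "source": "def out = []; for (def t : ctx.payload.aggregations.by_type.buckets) { for (def s : t.by_subtype.buckets) { def docs = []; for (def h : s.samples.hits.hits) { docs.add(h._source); } out.add(['type': t.key, 'subtype': s.key, 'count': s.doc_count, 'docs': docs]); } } return ['total': out.size(), 'combos': out];"
    }
  },
  "actions": {
    "notify_ops": {
      "email": {
        "to": ["ops@example.com"],
        "subject": "Watcher: {{ctx.payload.total}} type/subtype combination(s) exceeded 10 events in the last 5 minutes",
        "body": {
          "text": "{{#ctx.payload.combos}}type={{type}} subtype={{subtype}} count={{count}}\n{{#docs}}  {{host}}: {{message}}\n{{/docs}}\n{{/ctx.payload.combos}}"
        }
      }
    }
  }
}
```

A few points to check before relying on it: the terms aggregations only work on keyword (or numeric) fields, so if type and subtype are mapped as text, aggregate on type.keyword and subtype.keyword instead; the size of the outer terms aggregation must cover every type you have (300 here) or rare combinations will be silently missed; the email action needs an email account configured under xpack.notification.email in elasticsearch.yml; and the whole watch, condition and template included, can be dry-run against live data with POST _watcher/watch/type_subtype_threshold/_execute before the schedule ever fires. Because the query window and the schedule interval are both 5 minutes, each run looks at a fresh window and no throttle_period is needed to avoid duplicate mails for the same events.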