Hi all,
I am using Filebeat, Elasticsearch, Kibana and X-Pack. The version of all of them is 6.1.1.
I defined the watch, condition and action as follows:
PUT _xpack/watcher/watch/log_error_watch
{
  "trigger" : { "schedule" : { "interval" : "10s" }},
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "myind" ],
        "body" : {
          "query" : {
            "match" : { "message": "memory" }
          }
        }
      }
    }
  },
  "condition" : {
    "compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
  },
  "actions" : {
    "log_error" : {
      "logging" : {
        "text" : "Found {{ctx.payload.hits.total}} memory phrases in the myind index"
      }
    }
  }
}
But there is no message in the Elasticsearch log. To check the state of the watcher, I used the following command:
curl -XGET 'http://192.168.170.152:9200/.watch_history*/_search?pretty'
The result is as follows. Notably, I installed X-Pack; other features like security, roles and users are OK and there is no "missing authentication" error.
# curl -XGET 'http://192.168.170.152:9200/.watch_history*/_search?pretty'
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "missing authentication token for REST request [/.watch_history*/_search?pretty]",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "missing authentication token for REST request [/.watch_history*/_search?pretty]",
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status" : 401
}
Any solution would be much appreciated. Thanks.