Alerts generated by watches

Ajit_Bhingarkar · June 11, 2015, 12:45pm

Hi,

Is there a way to manage alerts generated by watches? If same alert is generated at every trigger it could become noisy in some cases. I know that we can control the # of hits, and schedule, however I have following queries.

Some customers would like to see an alert only a few times, Can we "switch off" alerts in such cases? So further alerts would only be generated on new cases where the condition is met.

A peculiar thing which I have noticed is "ctx.payload.hits.total" value seems to be changing with every alert email I get even though I do not have any new data indexed by ES. This discrepancy would be an issue. Is this an issue with document replication count; and buckets perhaps containing more than one documents in certain queries?

Thanks for your help.

Ajit

shaunak · June 11, 2015, 1:00pm

Hey Ajit,

Yes, please our documentation on Watch acknowledgement and throttling.

uboness · June 11, 2015, 1:04pm

If you have no new data indexed, and all the data is indeed index, the only thing that comes to mind why you'd get different document count is if you filter the search request by execution/scheduled/triggered time.