Automatic Searches

I have Elastic search configured to work on a logstash index. The data in this index has following mapping. I want to define a watcher which generates automatic searches on the index which can then be used to generate visualizations.

Based on the watcher documentation, I created a watch indicated below, however, I have to explicitly specify the JobId in the watch. Is there a way, that multiple searches can be auto generated for different values of JobId

Mapping:

      "properties": {
        "Measurement": {
          "properties": {
            "JobId": {"type": "keyword"},
            "ChemicalId": {"type": "keyword"},
            "Concentration": {"type": "float"},
            "Temperature": {"type": "float"},
            "Humidity": {"type": "float"},
            "Precipitation": {"type": "integer"},
            "Barometric Pressure": {"type": "integer"},
            "Wind Speed": {"type": "integer"},
            "Wind Direction": {"type": "integer"},
            "_DeviceId": {"type": "keyword"},
            "_Timestamp": {"type": "date",
                      "format": "yyyy-MM-dd HH:mm:ss.SSS"},
            "_Location": {
              "type" : "geo_point"
            }
          }

Watcher

PUT _xpack/watcher/watch/log_job_watch
{
  "trigger" : {
    "schedule" : { "interval" : "10s" } 
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "logstash*" ],
        "body" : {
          "query" : {
            "match" : { "Measurement.JobId": "JobY005" }
          }
        }
      }
    }
  }
}

Hey,

can you reiterate what your concrete question is?

First and foremost: Watcher can be used to alert on certain conditions, but it cannot be used to create visualizations in kibana. You could use a watch however to send an email, which then contains a link to the dashboard with your visualizations.

--Alex

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.