Create advance watcher

Hi Team,

I enabled email alerts in Elasticsearch; after that it is enabled in Kibana also.
[In Kibana dashboard > Management > Watcher] I created one sample watcher by clicking on "Create watcher" and executed it manually; it's working fine and I got all the mails. But when I create a sample watcher in "advanced watcher" with a particular time interval like below, it executes as I expected according to the time intervals, but I am not getting mails.

{
  "trigger": {
    "schedule": {
      "cron": "0 0/1 * * * ?"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "logstash*"
        ],
        "types": [],
        "body": {
          "query": {
            "bool": {
              "must": {
                "match": {
                  "response": 404
                }
              },
              "filter": {
                "range": {
                  "@timestamp": {
                    "from": "{{ctx.trigger.scheduled_time}}||-5m",
                    "to": "{{ctx.trigger.triggered_time}}"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 0
      }
    }
  },
  "actions": {
    "email_admin": {
      "email": {
        "profile": "standard",
        "to": [
          "test@gmail.com"
        ],
        "subject": "404 recently encountered"
      }
    }
  }
}

Could you please give your valuable suggestions for this?

Hey,
I'm going to move this question to the Elasticsearch topic because we have to use the "advanced watch" functionality in Kibana, which essentially allows you to create a watch definition directly using the Elasticsearch APIs.
Logs would help here.

Thanks
Rashmi
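
Added example, not part of the original posts: a small Python helper that reads one watch history record and says why the `email_admin` action from the watch above produced no mail. The record layout (`state`, `result.condition.met`, `result.actions[].status`, `reason`/`error`) is an assumption about what Watcher writes to `.watcher-history-*` and should be checked against your version; the sample records are constructed.

```python
# Added example: diagnose a watch run from its history record.
# Assumption: field names match the documents Watcher stores in .watcher-history-*.

def explain_run(record, action_id="email_admin"):
    """Return a one-line diagnosis for a single watch history record."""
    result = record.get("result", {})
    if not result.get("condition", {}).get("met", False):
        return "condition not met: compare on ctx.payload.hits.total was false"
    for action in result.get("actions", []):
        if action.get("id") != action_id:
            continue
        status = action.get("status")
        if status == "success":
            return "mail accepted by the SMTP server: check recipient and spam filtering"
        if status == "simulated":
            return "action simulated: this run did not really send mail"
        # Failures may carry a plain "reason" or a structured "error" object.
        error = action.get("error")
        reason = error.get("reason") if isinstance(error, dict) else action.get("reason")
        return "action %s: %s" % (status, reason or "no reason recorded")
    return "condition met but action '%s' did not run (state=%s)" % (
        action_id, record.get("state"))

# Constructed sample records, one per outcome worth telling apart.
SAMPLES = [
    {"state": "execution_not_needed",
     "result": {"condition": {"type": "compare", "met": False}, "actions": []}},
    {"state": "executed",
     "result": {"condition": {"met": True},
                "actions": [{"id": "email_admin", "type": "email",
                             "status": "failure",
                             "reason": "constructed SMTP error"}]}},
    {"state": "throttled",
     "result": {"condition": {"met": True},
                "actions": [{"id": "email_admin", "type": "email",
                             "status": "throttled",
                             "reason": "constructed throttle message"}]}},
    {"state": "executed",
     "result": {"condition": {"met": True},
                "actions": [{"id": "email_admin", "type": "email",
                             "status": "success"}]}},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["state"], "->", explain_run(sample))
```
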
