Creating a Watcher Alert to a Webhook

Elastic Stack Elasticsearch
1

Need a little help, new to Elastisearch and Kibana. Could someone tell me what I'm doing wrong I tried changing the example send an email on cluster status to use a web hook, but just keep getting errors:

{
"trigger" : {
"schedule" : { "interval" : "10s" }
},
"input" : {
"http" : {
"request" : {
"host" : "localhost",
"port" : 9200,
"path" : "/_cluster/health"
}
}
},
"condition" : {
"compare" : {
"ctx.payload.status" : { "eq" : "red" }
}
},
"actions" : {
"webhook" : {
"method" : "POST"'
"url" : "hooks.slack.com/services/restofurlhere",
"subject" : "Cluster Status Warning",
"body" : "Cluster status is RED"
}
}
}
}

2

Think I got it:

{
"trigger": {
"schedule": {
"interval": "10s"
}
},
"input": {
"http": {
"request": {
"scheme": "http",
"host": "localhost",
"port": 9200,
"method": "get",
"path": "/_cluster/health",
"params": {},
"headers": {}
}
}
},
"condition": {
"compare": {
"ctx.payload.status": {
"eq": "green"
}
}
},
"actions": {
"my_webhook": {
"throttle_period_in_millis": 10000,
"webhook": {
"scheme": "https",
"host": "hooks.slack.com",
"port": 443,
"method": "post",
"path": "/services/restofurl",
"params": {},
"headers": {},
"body": "Cluster status is RED"
}
}
}
}

3

please use proper formatting for JSON snippets, just pasting them makes it impossible to read.

Also, dont just post a snippet, but add the response your request as well. And the output of the execute watch API in case your watch was successfully stored.

Lastly I highly encourage you to this blog post about writing and debugging watches, which should give you the shortest feedback loop possible when writing new watches.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.