Dynamic Mapping Watcher

peterColclough · June 7, 2015, 4:27pm

Oh dear... well here we go. Tried with the example log watcher, and with creating the watch I get this:

{"error":"WatcherException[failed to put watch [log_error_watch]]; nested: TypeMissingException[[.watches] type[[watch, trying to auto create mapping, but dynamic mapping is disabled]] missing]; ","status":500}

I have other indexes on the cluster that are working fine.. and have been for 10+ months, so what have I missed here? Do I actually have to create a mapping for watcher? If so, what fields are returned as normal?

My curl call was:
curl -XPUT 'http://[myserver]:[myport]/_watcher/watch/log_error_watch' -d '{
"trigger" : {
"schedule" : { "interval" : "10s" }
},
"input" : {
"search" : {
"request" : {
"indices" : [ "logs" ],
"body" : {
"query" : {
"match" : { "message": "error" }
}
}
}
}
}
}'

Thanks in advance....

warkolm · June 8, 2015, 12:58am

What index are you putting this against, because it looks like that dynamic mapping explicitly disabled.

peterColclough · June 8, 2015, 7:47am

Apologies... forgot the correct curl call.. its against the _watcher index:

curl -XPUT 'http://[my_server]:[my_port]/_watcher/watch/log_error_watch' -d '{
"trigger" : {
"schedule" : { "interval" : "10s" }
},
"input" : {
"search" : {
"request" : {
"indices" : [ "logs" ],
"body" : {
"query" : {
"match" : { "message": "error" }
}
}
}
}
}
}'

What would cause the dynamic mapping to be turned off? I haven't (knowingly) turned it off...as its really useful to have turned on.

Peter C

uboness · June 8, 2015, 12:16pm

Hi Peter,

can you provide us the output for:

GET .watches/_mapping

Is there a chance you accidentally deleted the mappings for the .watches index?

peterColclough · June 8, 2015, 12:20pm

Ooops....you just cant get the staff can you:
{
".watches" : {
"mappings" : { }
}
}

That doesn't look good does it? Is there an easy way to get them back?
Peter C

uboness · June 8, 2015, 12:57pm

That doesn't look good does it?

no, it doesn't :).

yea.. seems like the mappings were deleted, do the following:

stop the node
add watcher.index.rest.direct_access: true to elasticsearc.yml
start the node
delete .watches index DELETE /.watches

now you should be able the put watches again. But before you do that, please revert the direct access setting:

stop the node
remove watcher.index.rest.direct_access: true from elasticsearch.yml
start the node

The watcher.index.rest.direct_access enables/disables direct access to the .watches index via the rest API such that you won't be able to add/delete/update documents there. We don't have this protection (yet) against mapping deletion.... we'll consider adding it (or find another way to prevent this from happening)

pls let us know how it goes

Topic		Replies	Views
Error from watcher in Elasticsearch Elasticsearch	2	466	March 1, 2018
Unable to give condition to watcher for elasticsearch (groovy disabled)? Elasticsearch elastic-stack-alerting	11	2627	July 6, 2017
My Elasticsearch goes down every day, and I have to restart it. Please help Elasticsearch	2	946	June 18, 2018
Broke Watcher on ES6 Elasticsearch elastic-stack-alerting	6	1093	December 28, 2017
Can't create a new Watch Elasticsearch elastic-stack-alerting	2	1015	July 6, 2017

Dynamic Mapping Watcher

Related Topics