Yet another rehash of Multiple actions in the watcher yet?, I am also aware of the workaround with Logstash, however, I would be interested in a solution for this limitation and would like to propose the following:
How about the ctx.payload or a new attribute like ctx.actions would just be dynamically interpreted as the watch action definition when no actions are statically defined or even in addition? This would allow to generate the actions dynamically using Painless. From the implementation side, it should be simple, but it might also require changes to Kibana to properly show the watch status. The downside is of course that because of the dynamic nature of actions here, transformation issues will result in potentially no action being taken at all. This can be mitigated by tested the watches properly with integration testing scripts provided https://github.com/elastic/examples/tree/master/Alerting/Sample%20Watches.
Example in YAML:
metadata:
api_url: 'https://api.example.net'
transform:
script:
inline: |-
ctx.actions = [
'my_webhook1': [
'webhook': [
'method': 'POST',
'url': ctx.metadata.api_url,
'body': '{"something_for_first_doc":23}'
]
],
'my_webhook2': [
'webhook': [
'method': 'POST',
'url': ctx.metadata.api_url,
'body': '{"something_for_second_doc":23}'
]
]
];
return true;
In a practical use case, ctx.actions would be generated using a for-each loop.
Feedback? How can we proceed with this?
