PUT _xpack/watcher/watch/meetup
{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input" : {
"search" : {
"request" : {
"indices" : [ "logs" ],
"types" : [ "event" ],
"body" : {
"query" : { "match_all" : {}}
}
}
}
}
"actions": {
"email_me": {
"email": {
"from": "<from:email address>",
"to": "<to:email address>",
"subject": "Open Source Events",
"body": {
"html": "Found events matching Open Source"
}
}
}
}
I have created elastic alert for example I am using those scripts. Those script will send email every 1 minute if there's an event match.
What I need is, watcher only send email alert once when the event triggered, watcher will check every 1 minute if there's a new event and match with condition it will send email, but if there's no new event it will not send an email.
What should I do, on those scripts?