Elastic Search - Advanced Watcher Script

I have created an advanced watcher script to check whether the data is getting updated for the last 30 minutes for multiple indices. Is there a way to display the index name in Action logging?

I want to display only es_indices_data_validation_2 in the below log, since the index "es_indices_data_validation_2" has not received any data for the last 30 minutes.

Script:

```json
{
  "trigger": {
    "schedule": {
      "interval": "30m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "es_indices_data_validation",
          "es_indices_data_validation_2"
        ],
        "types": [],
        "body": {
          "query": {
            "range": {
              "indexed_at": {
                "from": "now-30m",
                "to": "now"
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "lt": 1
      }
    }
  },
  "actions": {
    "log": {
      "logging": {
        "level": "info",
        "text": "ElasticSearch Index <<es_indices_data_validation_2>> does not receive data for the last 60 minutes "
      }
    }
  }
}
```

Hey,

can you please take the time to properly format your snippets? You can use markdown in here, and that makes code a million times easier to read. :slight_smile:

To your question. As your response does not contain any results, it also does not contain any information about the indices it was searched in.

If you need this information, you need to use the chain input and then check in the condition for each chained input, if there are any hits. The same applies for each payload in the chained input, that you could map the info which index you queried based on the chained query.

Hope this helps!
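
The chain-input approach described in the reply, written out as an added example that is not part of either post: one search per index, a condition that fires when any of them is empty, and a transform that collects the names of the empty ones for the log text. It assumes that each chained input is named after the index it queries, that `hits.total` is an integer as in the original `compare` condition, and that scripts use the `source` key (Elasticsearch 6.x and later); the `stale` and `index` payload keys are made up for this example.

```json
{
  "metadata": { "note": "Added example, not from the thread; each chain input name doubles as the index name" },
  "trigger": { "schedule": { "interval": "30m" } },
  "input": {
    "chain": {
      "inputs": [
        { "es_indices_data_validation": { "search": { "request": {
          "indices": [ "es_indices_data_validation" ],
          "body": { "size": 0, "query": { "range": { "indexed_at": { "gte": "now-30m", "lte": "now" } } } }
        } } } },
        { "es_indices_data_validation_2": { "search": { "request": {
          "indices": [ "es_indices_data_validation_2" ],
          "body": { "size": 0, "query": { "range": { "indexed_at": { "gte": "now-30m", "lte": "now" } } } }
        } } } }
      ]
    }
  },
  "condition": {
    "script": {
      "lang": "painless",
      "source": "for (r in ctx.payload.values()) { if (r.hits.total < 1) { return true; } } return false;"
    }
  },
  "transform": {
    "script": {
      "lang": "painless",
      "source": "def stale = []; for (e in ctx.payload.entrySet()) { if (e.getValue().hits.total < 1) { stale.add(['index': e.getKey()]); } } return ['stale': stale];"
    }
  },
  "actions": {
    "log": {
      "logging": {
        "level": "info",
        "text": "No data received in the last 30 minutes for: {{#ctx.payload.stale}}{{index}} {{/ctx.payload.stale}}"
      }
    }
  }
}
```

The condition runs before the transform, so the emptiness check appears in both scripts; the logging action only sees the transformed payload.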
