Elasticsearch Watcher Capabilities

umityayla · April 3, 2023, 7:12am

Hello,

We plan to implement such a watcher that will regex a field in the documents that are found and pass it to the clients. What I mean is;

Let's assume there are 2 documents like below;

{
  "_type": "_doc",
  "_id": "VbnxRYcBbONNOA7tHnlq",
  "_version": 1,
  "_score": 1,
  "_ignored": [
    "Message.keyword"
  ],
  "_source": {
    "Message": "Result is: true, data is: qqq",
    "LogType": "Info",
    "LogDate": "2023-04-03T07:07:22.5906183Z"
  },
  "fields": {
    "Message": [
      "Result is: true, data is: qqq"
    ],
    "LogType": [
      "Info"
    ],
    "LogDate": [
      "2023-04-03T07:07:22.590Z"
    ]
  }
}

{
  "_type": "_doc",
  "_id": "VbnxRYcBbONNOA7tHnlq",
  "_version": 1,
  "_score": 1,
  "_ignored": [
    "Message.keyword"
  ],
  "_source": {
    "Message": "Result is: true, data is: qqq",
    "LogType": "Info",
    "LogDate": "2023-04-03T07:07:22.5906183Z"
  },
  "fields": {
    "Message": [
      "Result is: false, data is: qqq"
    ],
    "LogType": [
      "Info"
    ],
    "LogDate": [
      "2023-04-03T07:07:22.590Z"
    ]
  }
}

We want to use the result/data fields in the document. We'll go for separate fields as a last resort.

system · May 1, 2023, 7:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Watcher match "message" issue, How to fix for my watcher? Elasticsearch elastic-stack-alerting	1	386	February 22, 2019
Watchers: querying for multiple strings in timeframe Elasticsearch elastic-stack-alerting	2	987	August 20, 2020
Incorporating search query into watcher Elasticsearch elastic-stack-alerting	2	701	June 16, 2017
Ability to search ES based on a result of previous search in a watcher Elasticsearch elastic-stack-alerting	7	2503	April 27, 2020
Alerting based on particular keyword fields Elasticsearch elastic-stack-alerting	2	395	April 9, 2020

Elasticsearch Watcher Capabilities

Related topics