Elasticsearch watcher

Hi,

I have an index with host name, host state, timestamp and message fields. I want to use Watcher to send an alert when a host is down. I can do that using the watcher below.

PUT _xpack/watcher/watch/log_error_watch
{
  "trigger" : { "schedule" : { "interval" : "10s" }},
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "logs" ],
        "body" : {
          "query" : {
            "match" : { "message": "DOWN" }
          }
        }
      }
    }
  },
  "condition" : {
    "compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
  },
  "actions" : {
    "log_error" : {
      "logging" : {
        "text" : "Found {{ctx.payload.hits.total}} errors in the logs"
      }
    }
  }
}

But I want to alert with the name of the host which is DOWN as well. How do I do that?

Thanks,
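One way to get the host names into the alert, as an added example rather than the poster's own watch: the logging action's text is a Mustache template, so it can walk `ctx.payload.hits.hits` and print a field from each hit. It assumes the host name field is called `host` and the time field `timestamp`, and it adds a `size` and a time-range filter that the original watch does not have (without the range, every old DOWN document keeps matching on every run).

```python
import json

# Assumed field names (the question only says "host name" and "timestamp").
HOST_FIELD = "host"
TIME_FIELD = "timestamp"


def build_watch(interval="10s", max_hosts=100):
    """Watch body that lists every DOWN host in the alert text.

    The Mustache section {{#ctx.payload.hits.hits}}...{{/...}} repeats once per
    hit, and {{_source.host}} prints that hit's host field.
    """
    hosts_template = ("{{#ctx.payload.hits.hits}}\n- {{_source." + HOST_FIELD +
                      "}}{{/ctx.payload.hits.hits}}")
    return {
        "trigger": {"schedule": {"interval": interval}},
        "input": {"search": {"request": {
            "indices": ["logs"],
            "body": {
                "size": max_hosts,        # default is 10, which would truncate the list
                "_source": [HOST_FIELD],  # only fetch what the template needs
                "query": {"bool": {"filter": [
                    {"match": {"message": "DOWN"}},
                    # only DOWN events since the previous run (added; not in the original)
                    {"range": {TIME_FIELD: {"gte": "now-" + interval}}},
                ]}},
            },
        }}},
        "condition": {"compare": {"ctx.payload.hits.total": {"gt": 0}}},
        "actions": {"log_error": {"logging": {
            "text": "Found {{ctx.payload.hits.total}} hosts DOWN:" + hosts_template
        }}},
    }


def render_alert_text(payload):
    """Plain-Python equivalent of what the template renders for a search
    payload, so the alert text can be checked without a cluster."""
    hosts = "".join("\n- " + h["_source"][HOST_FIELD] for h in payload["hits"]["hits"])
    return "Found %d hosts DOWN:%s" % (payload["hits"]["total"], hosts)


# Constructed search response, shaped like what Watcher puts in ctx.payload.
SAMPLE_PAYLOAD = {"hits": {"total": 2, "hits": [
    {"_source": {"host": "web-01"}}, {"_source": {"host": "db-02"}},
]}}

if __name__ == "__main__":
    print(json.dumps(build_watch(), indent=2))  # body for PUT _xpack/watcher/watch/log_error_watch
    print(render_alert_text(SAMPLE_PAYLOAD))
```

To see the real rendering before scheduling it, send the body through the watch `_execute` API with `record_execution` off and read the action result.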
