Email is not been sent at the time when my portal is down , but it gets sent after a minute while using watcher elasticsearch

Vishnu_mk · May 23, 2019, 11:01am

           PUT _xpack/watcher/watch/watchertry
            {
              "trigger" : {
                "schedule" : {
              "interval" : "1m"
            }
          },
          "input" : {
            "search" : {
              "request" : {
                "indices" : [
                  "heartbeat-*"
                ],
                "body" : {
                  "size": 1,
                  "query" : {
                    "bool" : {
                      "must": [
                        {
                          "term": {
                            "monitor.status": {
                              "value": "down"
                            }
                          }
                        }
                      ],
                      "filter" : {
                        "range": {
                          "@timestamp": {
                            "from": "{{ctx.trigger.scheduled_time}}||-5m",
                            "to": "{{ctx.trigger.triggered_time}}"
                          }
                        }
                      }
                    }
                  }
                }
              }
            }
          },
          "condition" : {
            "compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
          },
          "actions" : {
            "email_admin" : {
              "email" : {
                "to" : "vishnumk@nseit.com",
                "subject" : "Priority : High State : Down ",
                "body": {
              "text": "Portal_URL:{{#ctx.payload.hits.hits}} {{_source.http.url}} {{/ctx.payload.hits.hits}}\n Time:{{#ctx.payload.hits.hits}} {{_source.@timestamp}} {{/ctx.payload.hits.hits}}\n Error:{{#ctx.payload.hits.hits}} {{_source.error.message}} {{/ctx.payload.hits.hits}}" 
            }
              }
            }
          }
        }

This is my watcher

spinscale · May 23, 2019, 1:03pm

you set the interval to 1m, which means the check is running once per minute. That might explain the delay of up to one minute.

Hope that makes sense.

--Alex

Vishnu_mk · May 23, 2019, 1:06pm

But what if I need the mail at the same time when my portal is down .
And after that for every 1min interval i want to schedule .

spinscale · May 23, 2019, 1:08pm

then you may need to decrease the interval and have an additional check in your condition if the alert has already been triggered before by querying the watch history (this is somewhat tedious, but can be made working).

Vishnu_mk · May 23, 2019, 1:09pm

Can you send me any demo examples

system · June 20, 2019, 1:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic Alert by Watcher send only once Elasticsearch elastic-stack-alerting	2	2492	June 12, 2017
504 timeout email watcher Elasticsearch elastic-stack-alerting	9	3007	March 7, 2018
Watcher alerts email issue Elasticsearch elastic-stack-alerting	4	784	January 14, 2020
Need help with watcher to send the correct fields of result in the email Elasticsearch elastic-stack-alerting	6	1286	June 23, 2020
Problem while sending e-mail alerts Elasticsearch	3	2017	October 9, 2017

Email is not been sent at the time when my portal is down , but it gets sent after a minute while using watcher elasticsearch

Related topics