Email is not been sent at the time when my portal is down , but it gets sent after a minute while using watcher elasticsearch

Vishnu_mk · May 23, 2019, 11:01am

           PUT _xpack/watcher/watch/watchertry
            {
              "trigger" : {
                "schedule" : {
              "interval" : "1m"
            }
          },
          "input" : {
            "search" : {
              "request" : {
                "indices" : [
                  "heartbeat-*"
                ],
                "body" : {
                  "size": 1,
                  "query" : {
                    "bool" : {
                      "must": [
                        {
                          "term": {
                            "monitor.status": {
                              "value": "down"
                            }
                          }
                        }
                      ],
                      "filter" : {
                        "range": {
                          "@timestamp": {
                            "from": "{{ctx.trigger.scheduled_time}}||-5m",
                            "to": "{{ctx.trigger.triggered_time}}"
                          }
                        }
                      }
                    }
                  }
                }
              }
            }
          },
          "condition" : {
            "compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
          },
          "actions" : {
            "email_admin" : {
              "email" : {
                "to" : "vishnumk@nseit.com",
                "subject" : "Priority : High State : Down ",
                "body": {
              "text": "Portal_URL:{{#ctx.payload.hits.hits}} {{_source.http.url}} {{/ctx.payload.hits.hits}}\n Time:{{#ctx.payload.hits.hits}} {{_source.@timestamp}} {{/ctx.payload.hits.hits}}\n Error:{{#ctx.payload.hits.hits}} {{_source.error.message}} {{/ctx.payload.hits.hits}}" 
            }
              }
            }
          }
        }

This is my watcher

spinscale · May 23, 2019, 1:03pm

you set the interval to 1m, which means the check is running once per minute. That might explain the delay of up to one minute.

Hope that makes sense.

--Alex

Vishnu_mk · May 23, 2019, 1:06pm

But what if I need the mail at the same time when my portal is down .
And after that for every 1min interval i want to schedule .

spinscale · May 23, 2019, 1:08pm

then you may need to decrease the interval and have an additional check in your condition if the alert has already been triggered before by querying the watch history (this is somewhat tedious, but can be made working).

Vishnu_mk · May 23, 2019, 1:09pm

Can you send me any demo examples

system · June 20, 2019, 1:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.