Error creating a watch unexpected token [START_OBJECT]"

alerting

(Patel Viral) #1

Hey, I'm kinda a newbie to Elastic search and I am trying to create watcher but having some issues. Below is the code, it would be great if someone could help me resolving the issue.

{
"trigger" : {
"schedule" : {
"daily" : {
"at" : {
"hour" : [ 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 0, 1 ],
"minute" : [0, 5, 10, 15, 20, 25, 30, 35, 40, 45, 50, 55]
}
}
}
},
"input" : {
"search" : {
"request" : {
"indices" : [
"<betdata-{now/d}>",
"<betdata-{now/d-1d}>"
]
},
"body": {
"query": {
"filtered": {
"query": {
"query_string": {
"query": "moduleid:19064 moduleid:19063 moduleid:19075 moduleid:19065 moduleid:19062 moduleid:19061 moduleid:19066",
"analyze_wildcard": true,
"lowercase_expanded_terms": false
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-10m"
}
}
}
]
}
}
}
}
}
}
},
"condition" : {
"compare" : { "ctx.payload.hits.total" : { "lt" : 1 }}
},
"transform" : {
"script" : "return [ watchname : ctx.watch_id, message : "Stopped Receiving Bets On Evolution Platform", "@timestamp" : ctx.execution_time ]"
},
"actions" : {
"email_alert" : {
"throttle_period" : "60m",
"email": {
"to":[
"sdsd@sdsds.com",
"sdsd@sdsds.com"
],
"subject": "[ELASTICSEARCH] {{ctx.watch_id}}: Stopped Receiving Bets On Evolution Platform",
"body": "Please check the Evolution Platform, potential issue.",
"priority": "high"
}
},
"log_error" : {
"logging" : {
"text" : "[WATCHER] {{ctx.payload.message}}",
"category" : "wintech.NoEvolutionBets",
"level" : "INFO"
}
},
"index_payload" : {
"index" : {
"index" : "watcher_alerts",
"doc_type" : "alert"
}
}
}
}


(Alexander Reelsen) #2

Hey,

indeed the error message is not good. The problem here is that you are closing the request object after the indices array, so the query is not part of your request.

Also you could replace the schedule part with

  "trigger": {
    "schedule": {
      "interval" : "5m"
    }
  }

Hope this helps.

--Alex


(Patel Viral) #3

Hey Alex,

Thanks, sorry completely new to this could you point me in the right
direction in regards to the request object and indices array. Apologies
really new to this.

Many Thanks,
Viral


(Patel Viral) #4

Not too worry I found it, again thank you so much. Life saver :slight_smile:


(system) #5