Hi,
I am trying to execute 2 actions, one when the condition is always met, the other is when condition is met and custom index does not have the data I am looking for. Is there a way to do it in the same Watcher or both actions should be split into 2 watchers?
More details are in the older post, guess the post just went unnoticed
Two watches is always an option. The other alternative is two have conditions within the actions.
In this case however, maybe it is sufficient to configure a throttle period to your action? See https://www.elastic.co/guide/en/elastic-stack-overview/6.4/actions.html#actions-ack-throttle
I am already using a throttle period for one of my action for which I wanted to have a custom index logic. Here's what seems a good option.
a. Have a chain input 1) queries monitoring indices(<.monitoring-es-*-{now/d}>) 2) queries custom indices for the last 24h.
b. Have a condition which satisfies condition(example fs usage above 80%) based on result of 1) above and if it's true propagate both chains first and second onto the actions block.
c. First action which should always trigger will not look at the second chain result. Second action will evaluate if the (first.result.node) is in any of (second.result.node)
The c. above will work only if we can have condition in an action to evaluate against block like you suggested, can we? If not both these can't exist in the same watcher and should be in 2 separate watchers each handling a specific action.
yes, each action can optionally have a condition on its own.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.