Extracting the query of a dashboard automtically

We already have an elasticsearch engine working and indexing our systems logs. Every morning we go over those logs, in our Kibana, looking for errors that shouldn't have happened (I'm saying "shouldn't have happened" because some error logs will happen from time to time, we're aware of these errors and already working on fixing them).
So, we created a dashboard mapping our errors, there we filter out the errors we're aware of (that aren't a concern). Every morning we check that dashboard for new errors, which we haven't seen before.
This sounds like a job for Watcher. So I created a watcher, and the query he runs is the same as the dashboard's (filters out any known errors, and counts if we have any new errors). My question is how can I update my watcher automatically from my dashboars? As I said, right now, I have to copy the query from the dashboard to the query in the watcher declaration every time we have a new error to filter, Can this be done automatically?

Thank you very much!

I don't think there's any turn-key solution here, but you should be able to read the query from the .kibana index in ES using ES's REST API and update the Watcher configuration using its REST API.

I've actually looked at Kibana's index, and what I found there was a document discribing a query for display, not for search. In other words the index dowsn't contains what I am looking for. I did found what i was looking for with the inspect button however.
Here are the difernces: (example dashboard)

Inspect button showed me this:
curl -XGET 'http://HOSTNAME:9200/_all/_search?pretty' -d '{ "query": { "filtered": { "query": { "bool": { "should": [ { "query_string": { "query": "*" } } ] } }, "filter": { "bool": { "must": [ { "terms": { "_type": [ "LogEvent" ] } }, { "fquery": { "query": { "query_string": { "query": "Level:(\"ERROR\")" } }, "_cache": true } } ] } } } }, "highlight": { "fields": {}, "fragment_size": 2147483647, "pre_tags": [ "@start-highlight@" ], "post_tags": [ "@end-highlight@" ] }, "size": 500, "sort": [ { "_score": { "order": "desc", "ignore_unmapped": true } } ] }'

Document in the index:
"_source":{"user":"guest","group":"guest","title":"Test1 Dashboard","dashboard":"{\"title\":\"Test1 Dashboard\",\"services\":{\"query\":{\"list\":{\"0\":{\"query\":\"*\",\"alias\":\"\",\"color\":\"#7EB26D\",\"id\":0,\"pin\":false,\"type\":\"lucene\",\"enable\":true}},\"ids\":[0]},\"filter\":{\"list\":{\"0\":{\"type\":\"terms\",\"field\":\"_type\",\"value\":\"LogEvent\",\"mandate\":\"must\",\"active\":true,\"alias\":\"\",\"id\":0},\"1\":{\"type\":\"field\",\"field\":\"Level\",\"query\":\"\\\"ERROR\\\"\",\"mandate\":\"must\",\"active\":true,\"alias\":\"\",\"id\":1}}...

Any idea on how to bridge the gap?

You need to build something for now, we don't currently provide any interaction between KB and Watcher.