Hello !
I'm new in the world of elastic. I would like to know if it is possible with watcher to get some variables and use it in "Message" (example: slack). I would like to create a watcher that send me a message on slack when I get HTTP server down. I'm ok with that but I don't know how to get url.full and http.response.status_code from my hearbeat-* indice. So if someone can give me documentation or little explanation to guide my search.
Downer
Hey,
yes, this is possible, as you can use mustache in those fields. The first snippet in the slack action documentation makes use of that directly.
Hope that helps as a start!
--Alex
Hello,
Thank you for your answer.
I have seen that but how to fill the "ctx" or other variable to get them in message field. I need to learn elasticsearch to create my own input. I think variable in message field depend of input
That's right ?
Downer
The ctx.payload variable includes all of your data of the input. So if you execute a search, the whole response is available there. Can you explain why that is not sufficient?
Ok ok it's sufficient. I just need to learn how to make an advanced watcher with a good input. Thanks for all.
How can i get the list of all the available input whose value can be shown used in the action. For example i want to include filebeat index having field user.name . How can i include it in email action with user.name value?
Where can i run these to get all supported values?
Please open a new thread for a new question the next time. If you need some more examples to get more familiar with the watcher templating syntax and how to parse search results, take a look at the examples repo.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.