Help needed with watcher and email notify (failed to execute watch input)

Hi, I tried this watcher but it does not run. What am I doing wrong? I'm using version 5.2.2.

{
"trigger" : {
"schedule" : {
"interval" : "1m" }
},
"input" : {
"search" : {
"request" : {
"indices" : [ "<logstash-{now/d}>" ],
"body" : {
"query" : {
"match" : { "message": "BGP" }
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-5m"
}
}
}
]
}
}
}
}
}
},
"condition" : {
"compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
},
"actions" : {
"send_email" : {
"throttle_period" : "15m",
"email" : {
"account" : "work",
"to" : "xxx@xxxxx.xxx",
"subject" : "[KIBANA] {{ctx.payload.hits.total}} BGP flaps",
"body" : "BGP flaps detected",
"attach_data" : true
}
}
}
}
