I'm wondering how Watcher Alert throttling exactly works. Does the search result have any influence on the throttling? I'm using Watcher with APM and would like to get only one notification per error per day. If I set the throttle period to one day does this mute other erros which might occur within this throttle period?
I'm using the Elasticsearch Service with Elasticsearch 7.5.1.
The search result does have an influence, as the throttling mechanism is resetted automatically if the conditions turns false again, once throttling has happened (or the throttling period is expired).
This means that a condition which makes sure that ctx.payload.hits.total is bigger than 0 isn't a very good way for throttling different kind of errors?
What would be the best approach to make sure that only one email per error per day will be sent?
Are you sure, that this is what you are after? Why does the existing throttling implementation not work for you?
What if the error occurs twice a day, after it is supposed to be fixed?
How about only running the watch once per day then and have a single watch for each class of errors you want to get alerted only once a day? Even though I personally would not do that.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.