How is webhook used in elasticsearch , and how is logstash used for webhook

Vishnu_mk · May 29, 2019, 9:32am

Please help..

spinscale · May 29, 2019, 11:34am

please take your time to properly write up a question that consists of more than just a subject line. I don't think it's good to expect from anyone else to know all the context that you have behind this question.

What are you referring to? Is this the webhook of the alerting component? If so, just write that. Or link to the docs.
If the above is correct, how do make the connection between that webhook and logstash? Why are those two linked for you? Again context would be helpful.
What problem are you trying to solve in general that you took a look at these two mentioned components? Maybe there is a simpler way to solve this. Just sit back and talk about the setup you got and the problem you are trying to solve within a few words.
Are there any code or architectural samples that you can share with your problem, so others can try and reproduce. If not that's fine as long as other explanations are given.
Please take a look at https://www.elastic.co/help

We're happy to help, but you have to give a little more before getting something back - in this case it is just more information

Vishnu_mk · May 29, 2019, 12:32pm

Thank you Sir,
Actually i want to create an alert using webhook when my portal is down

PUT _xpack/watcher/watch/watcher10
{
  "trigger" : {
    "schedule" : { "cron" : "* */1 * * * ?" }
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [
          "heartbeat-*"
        ],
        "body" : {
          "size": 1,
          "query" : {
            "bool" : {
              "must": [
                {
                  "term": {
                    "monitor.status": {
                      "value": "down"
                    }
                  }
                }
              ],
              "filter" : {
                "range": {
                  "@timestamp": {
                    "from": "{{ctx.trigger.scheduled_time}}||-5m",
                    "to": "{{ctx.trigger.triggered_time}}"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition" : {
    "compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
  },
  "actions" : {
    "email_admin" : {
      "email" : {
        "to" : "vishnumk@nseit.com",
        "subject" : "Priority : High State : Down ",
        "body": {
      "text": "Portal_URL:{{#ctx.payload.hits.hits}} {{_source.http.url}} {{/ctx.payload.hits.hits}}\n Time:{{#ctx.payload.hits.hits}} {{_source.@timestamp}} {{/ctx.payload.hits.hits}}\n Error:{{#ctx.payload.hits.hits}} {{_source.error.message}} {{/ctx.payload.hits.hits}}" 
    }
      }
    }
  }
 }

Now instead of email alert i want to use webhook alert . I dont know what steps i should take to proceed with webhook.

Regards

spinscale · June 3, 2019, 12:07pm

You have to replace the email action with a webhook action. Like mentioned here https://www.elastic.co/guide/en/elastic-stack-overview/current/actions-webhook.html

specify an endpoint where to sent the data to (optionally change the data) and you are good to go.

system · July 1, 2019, 12:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.