How to configure email settings in a Watcher which outputs desired data in an attachment


#1

Hello,

I am trying to create a Watcher to alert me (via email attachment) whenever there are new errors in the logs in a certain period of time. I have written some email configuration inside the Watcher, but I'm unable to figure out how I can display the type of errors and their count and average in the last 2 weeks next to it, all in the same email attachment. When I say type of errors, it could be any error/exception; it should just display the error description inside the attachment. Please help me understand how I can retrieve this information in a single email attachment through the Watcher service.

Below is the current Watcher snippet I have written. Please suggest how to configure this now to receive both the error description and the error count and average beside it.

{
  "trigger": {
    "schedule": {
      "interval": "30s"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "my_index-*"
        ],
        "types": [],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "query": "debugmessage : java*exception , ERROR"
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "from": "now-1h"
                    }
                  }
                }
              ]
            }
          },
          "_source": [
            "message"
          ],
          "sort": [
            {
              "@timestamp": {
                "order": "desc"
              }
            }
          ]
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 1
      }
    }
  },
  "actions": {
    "send_email": {
      "throttle_period_in_millis": 120000,
      "email": {
        "profile": "standard",
        "attachments": {
          "attach_data": {
            "data": {
              "format": "json"
            }
          }
        },
        "priority": "high",
        "to": [
          "myemailID@mydomain.com"
        ],
        "subject": "Found exceptions in the logs",
        "body": {
          "text": "Found {{ctx.payload.hits.total}} errors in the logs"
        }
      }
    }
  }
}

Thanks in advance!


(Chris Roberson) #2

Hey @swathi,

Can you send me a snippet of the mappings for the index, making sure to include the relevant fields you want included in the email?

