Hello,
I am trying to create a Watcher to alert me (via email attachment) whenever there are new errors in the logs in a certain period of time. I have written some email configuration inside the Watcher but I'm unable to figure out to how I can display the type of errors and their count and average in last 2 weeks next to it - all in the same email attachment. When I say type of errors, it could be any error/exception, it should just display the error description inside the attachment. Please help me understand how I can retrieve this information in a single email attachment through Watcher service.
Below is the current Watcher snippet I have written, please suggest how to configure this now to receive both error description and error count and average beside it.
{
"trigger": {
"schedule": {
"interval": "30s"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
“my_index-*”
],
"types": [],
"body": {
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "debugmessage : java*exception , ERROR"
}
},
{
"range": {
"@timestamp": {
"from": "now-1h"
}
}
}
]
}
},
"_source": [
"message"
],
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gte": 1
}
}
},
"actions": {
"send_email": {
"throttle_period_in_millis": 120000,
"email": {
"profile": "standard",
"attachments": {
"attach_data": {
"data": {
"format": "json"
}
}
},
"priority": "high",
"to": [
“myemailID@mydomain.com”
],
"subject": "Found exceptions in the logs",
"body": {
"text": "Found {{ctx.payload.hits.total}} errors in the logs“
}
}
}
}
}
Thanks in Advance!