How to configure email settings in a Watcher which outputs desired data in an attachment

Hello,

I am trying to create a Watcher to alert me (via email attachment) whenever there are new errors in the logs in a certain period of time. I have written some email configuration inside the Watcher, but I'm unable to figure out how I can display the type of errors and their count and average in the last 2 weeks next to it - all in the same email attachment. When I say type of errors, it could be any error/exception; it should just display the error description inside the attachment. Please help me understand how I can retrieve this information in a single email attachment through the Watcher service.

Below is the current Watcher snippet I have written. Please suggest how to configure this now to receive both the error description and the error count and average beside it.

  {
  "trigger": {
    "schedule": {
      "interval": "30s"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "my_index-*"
        ],
        "types": [],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "query": "debugmessage : java*exception , ERROR"
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "from": "now-1h"
                    }
                  }
                }
              ]
            }
          },
          "_source": [
            "message"
          ],
          "sort": [
            {
              "@timestamp": {
                "order": "desc"
              }
            }
          ]
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 1
      }
    }
  },
  "actions": {
    "send_email": {
      "throttle_period_in_millis": 120000,
      "email": {
        "profile": "standard",
        "attachments": {
          "attach_data": {
            "data": {
              "format": "json"
            }
          }
        },
        "priority": "high",
        "to": [
          "myemailID@mydomain.com"
        ],
        "subject": "Found exceptions in the logs",
        "body": {
          "text": "Found {{ctx.payload.hits.total}} errors in the logs"
        }
      }
    }
  }
}

Thanks in Advance!

Hey @swathi,

Can you send me a snippet of the mappings for the index, making sure to include the relevant fields you want included in the email?
