How to define the query time range of advanced watches?

(Wujiaxin159) #1

Elastic version: 6.3.0
How to define the query time range of advanced watches?
For example, the last 5 minutes.

{
  "trigger": {
    "schedule": {
      "interval": "15s"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "gateway*"
        ],
        "types": [],
        "body": {
          "size": 0,
          "query": {
            "match": {
              "level": "ERROR"
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 10
      }
    }
  },
  "actions": {
    "email_administrator": {
      "email": {
        "profile": "standard",
        "priority": "high",
        "to": [
          "admin@local.com"
        ],
        "subject": "test",
        "body": {
          "text": "{{ctx.payload}}"
        }
      }
    }
  }
}

(Tianshu Peng) #2

try this query:

{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "@timestamp": {
              "from": "now-5m",
              "to": "now"
            }
          }
        },
        {
          "match": {
            "level": "ERROR"
          }
        }
      ]
    }
  }
}

(Wujiaxin159) #3

Thank you. I found it on the official website.

"input": {
  "search": {
    "request": {
      "indices": [
        "logstash*"
      ],
      "body": {
        "query": {
          "bool": {
            "must": {
              "match": {
                "response": 404
              }
            },
            "filter": {
              "range": {
                "@timestamp": {
                  "from": "{{ctx.trigger.scheduled_time}}||-5m",
                  "to": "{{ctx.trigger.triggered_time}}"
                }
              }
            }
          }
        }
      }
    }
  }
}
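The two answers above show two ways to bound the search: relative to the wall clock ("now-5m" .. "now") or pinned to the trigger's scheduled time ("{{ctx.trigger.scheduled_time}}||-5m" .. "{{ctx.trigger.triggered_time}}"). The script below is an added example, not code from this thread or from Elastic. It assembles the original watch with a bounded query, computes how many consecutive runs will count the same event when the window (5m) is much longer than the trigger interval (15s), and simulates both anchoring forms to show why the schedule-pinned form does not leave gaps when a run fires late. The field name `@timestamp`, the index pattern, the e-mail address and the per-run execution lags are taken from the thread or constructed for the simulation; the helper names are mine.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Date-math units needed for the values on this page ('15s', '5m').
_UNITS = {"s": 1, "m": 60, "h": 3600}


def parse_duration(text):
    """'15s' -> 15 seconds, '5m' -> 300 seconds."""
    m = re.fullmatch(r"(\d+)([smh])", text)
    if not m:
        raise ValueError(f"unsupported duration: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def time_range_filter(window, anchor="schedule"):
    """Range filter for the watch's search input.

    anchor='now'      -> the first answer's form: "now-<window>" .. "now"
    anchor='schedule' -> the documented form from the third post, pinned to
                         ctx.trigger.scheduled_time so a late run keeps its window
    """
    if anchor == "now":
        return {"range": {"@timestamp": {"from": f"now-{window}", "to": "now"}}}
    if anchor == "schedule":
        return {"range": {"@timestamp": {
            "from": "{{ctx.trigger.scheduled_time}}||-" + window,
            "to": "{{ctx.trigger.triggered_time}}",
        }}}
    raise ValueError(f"unknown anchor: {anchor!r}")


def build_watch(indices, level, window, interval, threshold, recipient, anchor="schedule"):
    """The watch from the question, with a time range added to its query."""
    return {
        "trigger": {"schedule": {"interval": interval}},
        "input": {"search": {"request": {
            "search_type": "query_then_fetch",
            "indices": list(indices),
            "body": {"size": 0, "query": {"bool": {"filter": [
                time_range_filter(window, anchor),
                {"match": {"level": level}},
            ]}}},
        }}},
        "condition": {"compare": {"ctx.payload.hits.total": {"gte": threshold}}},
        "actions": {"email_administrator": {"email": {
            "profile": "standard",
            "priority": "high",
            "to": [recipient],
            "subject": f"{level} count >= {threshold} in the last {window}",
            "body": {"text": "{{ctx.payload.hits.total}} matching events"},
        }}},
    }


def runs_per_event(window, interval):
    """Consecutive runs whose window contains one given event: ceil(window / interval).
    A 5m window on a 15s interval gives 20, so one burst of errors keeps
    satisfying 'hits.total >= 10' for twenty runs in a row."""
    w, i = parse_duration(window), parse_duration(interval)
    return -(-w // i)


def coverage_gap_seconds(lags, window, interval, anchor):
    """Seconds of event time that no run queries, given each run's execution lag
    behind its scheduled time (constructed values, in seconds)."""
    w, i = parse_duration(window), parse_duration(interval)
    t0 = datetime(2018, 7, 1, tzinfo=timezone.utc)  # constructed schedule start
    gap = 0.0
    prev_end = None
    for k, lag in enumerate(lags):
        scheduled = t0 + timedelta(seconds=k * i)
        triggered = scheduled + timedelta(seconds=lag)
        if anchor == "now":
            start, end = triggered - timedelta(seconds=w), triggered
        else:  # window starts at the scheduled time, not at the (late) wall clock
            start, end = scheduled - timedelta(seconds=w), triggered
        if prev_end is not None and start > prev_end:
            gap += (start - prev_end).total_seconds()
        prev_end = end
    return gap


if __name__ == "__main__":
    watch = build_watch(["gateway*"], "ERROR", "15s", "15s", 10, "admin@local.com")
    print(json.dumps(watch, indent=2))
    print("runs that count the same event with a 5m window on 15s:", runs_per_event("5m", "15s"))
    lags = [0, 2, 0, 3]  # constructed: some runs fire a few seconds late
    print("uncovered seconds, now-anchored:", coverage_gap_seconds(lags, "15s", "15s", "now"))
    print("uncovered seconds, schedule-anchored:", coverage_gap_seconds(lags, "15s", "15s", "schedule"))
```

The simulation makes the practical point: if you want each error counted once, size the window to the trigger interval; and if you do that, anchor the window to `ctx.trigger.scheduled_time`, because a "now"-relative window on a run that fires a few seconds late skips the events that arrived in those seconds.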
