hi
we have a clustered environment. Is there a way to get where the "watcher" have run? We have putting a same set of watcher ,but needed to ensure only PROD watchers are alerted. Hence wanted to filter on a specific key-word of the "elastic_host" in our logic.
In Splunk , there are default fields like "splunk_server" which comes up with every event. Is there any such fields which may be hidden somewhere for elastic where I can make use upon?
There is no metadata variable for the cluster name. You could use the metadata field in the watch to mark a watch on each cluster as prod or dev.
oh.ok. quite hard for us as there are dozens of systems and ahve to manually add the metadata. anyway, nice to have the ctx to contain cluster-name/servername
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.