How to set a time range in the watcher?

richcollier · July 24, 2017, 1:44pm

Hi,

If you haven't changed your query clause to what I recommend, you will get this error because there is a syntax problem in your query clause. You are not properly making an array of clauses in the filter section. You have to look close at the matching {} brackets to see.

Please modify it to the following and you'll be fine:

          "query": {
            "bool": {
              "filter": [
                {
                  "range": {
                    "timestamp": {
                      "gte": "now-3m"
                    }
                  }
                },
                {
                  "match": {
                    "message": "404"
                  }
                }
              ]
            }
          }

Topic		Replies	Views
How to set Time range in Watcher Elasticsearch elastic-stack-alerting	5	741	August 20, 2020
Timestamp range in watcher doesn't work Elasticsearch	2	1108	February 5, 2018
Watcher Timestamp showing in EPOCH Elasticsearch elastic-stack-alerting	4	901	October 1, 2021
Create a simple frequency based alert using Watcher Elasticsearch elastic-stack-alerting	6	1882	September 17, 2018
Watcher 7.8 Do I have to modify the range of my query to match the timezone? Elasticsearch elastic-stack-alerting	4	575	June 28, 2021

How to set a time range in the watcher?

Related Topics