Here is a scenario:
I have setup a watcher which runs every hour searching a "keyword", and if the occurrence of this keyword is more than "100" then it sends an alert.
Now it could be possible I am receiving it every hour, but I want to set up its frequency. So after 1st alert, next alert should come after 12 hours. given that watcher still runs every hour.
Is it possible in watcher to override "Action" for a particular duration?
Please help. Thank You
Seems like you want to setup throttling for a watch. You can read more about it here:
https://www.elastic.co/guide/en/elastic-stack-overview/current/how-watcher-works.html
https://www.elastic.co/guide/en/elastic-stack-overview/current/actions.html#actions-ack-throttle
As for more complicated trigger patterns, check this for documentation (including cron-like schedules too):
https://www.elastic.co/guide/en/elastic-stack-overview/current/trigger-schedule.html
Thanks a lot @Marius_Dragomir. You have hit the bulls eye. 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.