I cannot index "status.actions.my_webhook.last_execution.successful" in .watcher-history-*

Hi there, I am trying to set up a watcher to send an alert based on a field "status.actions.my_webhook.last_execution.successful": "false" that can be found in .watcher-history-*. This is to notify us if our 3rd party's notification API endpoint has changed or is not available.

Currently I am having a problem indexing that field so that it is searchable. I tried to refresh the fields list and it went up from ~130 to 170, but the field is still not showing there.

Any help or guidance on this would be appreciated.

Hi @Piotr_Pawlak,

Are you using the Threshold Alert UI to create this? You won't be able to use that for creating this watch as the mappings for .watcher-history-* aren't structured enough to allow you to dive into the status of actions.

This is related to the "Alert when watcher is in error state - .watcher_history" topic I raised a few days ago.

All I am looking for is a programmatic method of getting alerted if a watcher is in an error state. At the moment I found a field that changes when a watcher error happens, so I am trying to come up with a query first before creating an alert.

Your best bet is to create a watch against the .watcher-history-* indices.

In the query part, do a match_all to grab all the watches (or you can filter into a subset based on your needs). You cannot write a query that will filter on status because the status field is not indexed.

In the condition part, investigate the status.actions.my_webhook.last_execution.successful part of the response.
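A watch body along the lines of this answer, as an added example that is not from the thread or from Elastic. It is the request body for `PUT _watcher/watch/<id>`; the watch id `my_watch`, the 5-minute window and the logging action are assumptions, and it uses the optional subset filter on indexed fields (`watch_id`, `result.execution_time`) instead of a plain match_all, while the unindexed `status` is read from `_source` in the condition.

```json
{
  "metadata": {
    "note": "Added example. 'my_watch' is a placeholder watch id; 'my_webhook' is the action name from the thread."
  },
  "trigger": { "schedule": { "interval": "5m" } },
  "input": {
    "search": {
      "request": {
        "indices": [ ".watcher-history-*" ],
        "body": {
          "size": 100,
          "query": {
            "bool": {
              "filter": [
                { "term": { "watch_id": "my_watch" } },
                { "range": { "result.execution_time": { "gte": "now-5m" } } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "lang": "painless",
      "source": "for (def hit : ctx.payload.hits.hits) { def ok = hit._source?.status?.actions?.my_webhook?.last_execution?.successful; if (ok != null && ok == false) { return true; } } return false;"
    }
  },
  "actions": {
    "log_failure": {
      "logging": {
        "text": "Action my_webhook of watch my_watch reported an unsuccessful execution in the last 5 minutes"
      }
    }
  }
}
```

Filtering on `watch_id` also keeps this monitoring watch from evaluating its own history entries.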

Thanks, I will investigate this solution and see how far I will get.

