Individual alert for each message queried on Watcher

Hello,

unfortunately I did not find any answered question for this relatively common use case so if there actually is one here, feel free just to link it.

I want to have a single alert for each message that got through the input. If multiple messages came in in a given interval, normally Watcher would stack these and print them in a single alert. I want to have a single alert, though, for each message.

Thanks for your help

Hey,

this still holds true. Any action can only be executed once for a watch and not on a per-entry basis in the payload. Have you considered sending the data to Logstash using its http input to process it further there, by sending all hits over there and then doing additional processing there?

--Alex

What's your intention using the http input? I would have processed them with the elasticsearch input and output, but that would probably be too much work for the profit I get out of it, since reading alarms and writing alarms are using the same index and I would have to split every message, write an alarm entry for every one and delete the old document. I would probably then just go with accumulated logs but would like to hear your idea as well :)

Thanks for your help.

Hey,

so my idea would be to send an array of data to Logstash, where Logstash can basically split this data and act on each of the elements and do what you want, by using the Watcher webhook action to send that data and using the Logstash http input to receive the data before processing.

Does that make sense?

--Alex
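
A sketch of the setup described in the reply above, added here as an example and not posted by anyone in the thread: a Logstash pipeline that receives the watch's hits over HTTP and emits one event per hit, with the matching webhook action shown in the leading comment. The host name, port, user name, action name and the `WATCHER_HTTP_PASSWORD` variable are assumptions.

```conf
# Watcher side (constructed; goes in the watch's "actions" section). The body
# sends the whole hits object, so the array arrives under the "hits" key:
#
#   "send_hits_to_logstash": {
#     "webhook": {
#       "scheme": "http",
#       "host": "logstash.example.internal",
#       "port": 8080,
#       "method": "post",
#       "path": "/",
#       "headers": { "Content-Type": "application/json" },
#       "auth": { "basic": { "username": "watcher", "password": "<password>" } },
#       "body": "{{#toJson}}ctx.payload.hits{{/toJson}}"
#     }
#   }

input {
  http {
    port     => 8080
    # Reject requests that do not carry the watch's basic-auth credentials.
    user     => "watcher"
    password => "${WATCHER_HTTP_PASSWORD}"
  }
}

filter {
  # The posted JSON object has a "hits" array; split clones the event once
  # per array element, so every hit becomes its own event.
  split { field => "hits" }
}

output {
  # Placeholder for the per-message alert action (email, index, etc.).
  # Each event now holds exactly one hit, with the document under [hits][_source].
  stdout { codec => rubydebug }
}
```

Basic auth over plain HTTP is only reasonable on a trusted network segment; otherwise enable TLS on the http input and switch the webhook's scheme to https.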
