Dear all,
I created a watcher through the Kibana UI that search for documents and index results into a new index.
It works fine when I simulate it, even with execution of actions (target index is populated)
But
- when I want to create it (by pushing the 'create watch' button) I have the message 'invalid watch actions'
- Then I created it with a query 'PUT _watcher/watch/...' successfully but when I look at the watchers through Kibana (Management/Watcher) the state is 'Config error' with the same message when I focus on my watcher.
- The action 'index_evt_type' contains errors 'JSON argument must contain an actionJson.index.index property'
{
"trigger": {
"schedule": {
"interval": "12h"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"index-data"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"gte": "now-1h",
"lte": "now"
}
}
},
{
"match_all": {}
}
]
}
},
"aggs": {
"evt_type": {
"terms": {
"field": "evt.type",
"size": 100
}
}
}
}
}
}
},
"condition": {
"always": {}
},
"actions": {
"index_evt_type": {
"transform": {
"script": {
"source": "def documents = ctx.payload.aggregations.evt_type.buckets.stream().map(bucket -> [ '_index': 'index-liste', '_id': 'evt.type.' + bucket.key, 'evt.type': bucket.key, 'tech.data.type': 'evt.type']).collect(Collectors.toList());return [ '_doc' : documents];",
"lang": "painless"
}
},
"index": {}
}
}
}
Does someone have any idea of what's happening ?