Is it possible to have dynamic attachment fields in slack action?


(Da Tao) #1

Hi there,
Thanks for elasticsearch and watcher, my devops job goes better.
When I was looking at slack action of Watcher, I started to wondering if there was a way to make dynamic attachment fields.
Dynamic attachments are wonderful, but sending multi attachments in one slack message sometimes makes the message too long to read, and when you have more servers, one message can fill the whole screen.
Is there a way to generate attachment fields, other than attachments? Or is there any script as an workaround?

I am new to watcher and elasticsearch, so please forgive me if the question is stupid.


(Alexander Reelsen) #2


no stupid questions here, always ask! Now it's my turn to ask :slight_smile:

I couldnt extract, what exactly you are after, when reading your post. How exactly would you want to create the attachment? Should there be a cutoff after a certain number of attachments?

Have you seen the [dynamic attachments feature] ( of watcher. What is missing there to make it work for you?

If there are too many hits being return and you need to reduce the number of you attachment a script transform inside of the slack action might be useful to reduce the number attachment before using dynamic attachment. See the transform documentation

Hope this helps!


(Da Tao) #3

My slack message block is like this:
"message": {
"to": [
"text": "Last 24h exception source",
"dynamic_attachments" : {
"list_path" : "ctx.payload.sources",
"attachment_template" : {
"title" : "Instance: {{eventtype}}",
"text" : "Error Count: {{count}}",
"color" : "{{color}}"
When I have too many eventtype, the message will fill the slack screen and force user to scroll to read full message. If there are more than 20 then you need to expand the message.

About the transform script, what are the limits to the inline script? For example, length? Since I cannot upload a script (which I believe it is a bug, as read in the fourm), maybe I have to put a long script.



(Alexander Reelsen) #4


there are is only one limit to an inline script, either inline scripting is allowed or not (If not you will see an exception when trying to create the watch). If not, you need to upload a script. From a content perspective those are the same.

I do not follow the "I cannot upload a script" sentence. Just to make sure: This means you are not running self hosted but as a service? If so, which one? Cloud?


(Da Tao) #5


I am wondering whether there is document for what are forbidden in script. Is any document available?

For script, I am using Elastic Cloud, running 2.3.1. As the document mentioned, uploading scripts is available to all subscriptions. I cannot find a place to upload script. When I click the plugin link, it says only Gold and Platinum user can upload plugins. Did I follow the wrong link?


(Alexander Reelsen) #6

No, you didnt, by default you cant IIRC upload scripts, but you can still use indexed scripts or inline scripts - which should work fine here as well.

(Da Tao) #7

Cool, thanks for your help. I have got no further questions now - wish elastic search goes better :slight_smile:

(system) #8