Is it possible to use payload as input to an exec output command?

esguy · November 19, 2020, 9:26pm

Hello,

I have a watcher set up with multiple email actions where each email action has a conditional checking whats in the user field of the payload. For example, if user = 'userGroupA', then it will execute the action that sends email to Group A.

What I would like however, is instead of having a hardcoded list of whether user field = X, I would like to run a shell command that would return user information based on the user field within the payload as input.

Could I do something along the lines of:

output {
      if [user] == "userGroupA" {
        exec {
          command => "ldap <user>"
        }
      }
    }

If this is possible, could I then use that output elsewhere in the watch?

warkolm · November 19, 2020, 10:18pm

There is no exec type action for Alerting sorry to say - https://www.elastic.co/guide/en/elasticsearch/reference/current/actions.html

system · December 17, 2020, 10:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Command-line action from watcher Elasticsearch elastic-stack-alerting	2	497	April 26, 2018
Watcher - Use field data from input to condition script calc Elasticsearch elastic-stack-alerting	2	420	February 23, 2022
Have watcher send several emails for payload with several search results Elasticsearch elastic-stack-alerting	6	3805	July 6, 2017
Using the payload data (fields) after aggregated to bucket, in Elastic Watcher Action email Elasticsearch elastic-stack-alerting	4	1252	April 26, 2022
Watcher Configuration to print results in Email Elasticsearch elastic-stack-alerting	13	3481	July 25, 2018

Is it possible to use payload as input to an exec output command?

Related topics