I've set up a watcher in Kibana. The results out of this are restricted to the top 10. Is there a way to change/configure this value? Any pointers appreciated.
Hello,
Did you set up an advanced watch or a threshold alert? If it's an advanced one, could you post the watch content here?
Hi,
Thanks for the quick reply. See below the advanced watch contents:
{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "mylog_qa*"
        ],
        "types": [],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "match": {
                    "message": "Exception Warn"
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-2m"
                    }
                  }
                }
              ]
            }
          },
          "_source": [
            "message"
          ],
          "sort": [
            {
              "@timestamp": {
                "order": "desc"
              }
            }
          ]
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 0
      }
    }
  },
  "actions": {
    "send_email": {
      "email": {
        "profile": "gmail",
        "to": [
          "user@domain.com"
        ],
        "subject": "QA Exceptions found in logs",
        "body": {
          "text": "Warn/exception found in logs.\n\n Details: \n\n\n\n{{#ctx.payload.hits.hits}}{{_source.message}}\n\n{{/ctx.payload.hits.hits}}"
        }
      }
    }
  }
}
You can add a size parameter in the request body.
        "body": {
          "size": 10,
          "query": {
            "bool": {
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-from-size.html
Works like a charm. Thank you!!
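An added example, not part of the thread or of Elastic's code: a Python check that flags a watch like the one above, whose action lists `hits.hits` while the search body has no `size` (Elasticsearch then returns 10 hits), and returns a copy with `size` set. The function names, the trimmed sample watch and the chain-input handling (which goes beyond the single search input in the thread) are assumptions of this example; 10000 is the default `index.max_result_window`.

```python
import copy
import json

ES_DEFAULT_SIZE = 10          # hits returned when the body has no "size"
ES_MAX_RESULT_WINDOW = 10000  # default index.max_result_window

def search_requests(input_def):
    """Yield each search request in a watch input, descending into chain inputs."""
    if "search" in input_def:
        yield input_def["search"]["request"]
    for step in input_def.get("chain", {}).get("inputs", []):
        for named_input in step.values():
            yield from search_requests(named_input)

def audit_watch(watch):
    """Report searches whose hit list is silently capped or over the window."""
    lists_hits = "hits.hits" in json.dumps(watch.get("actions", {}))
    findings = []
    for request in search_requests(watch.get("input", {})):
        size = request.get("body", {}).get("size")
        if size is None and lists_hits:
            findings.append(f"no size: action lists at most {ES_DEFAULT_SIZE} hits")
        elif size is not None and size > ES_MAX_RESULT_WINDOW:
            findings.append(f"size {size} exceeds {ES_MAX_RESULT_WINDOW}")
    return findings

def with_size(watch, size):
    """Return a copy of the watch with an explicit size on every search body."""
    if not 0 <= size <= ES_MAX_RESULT_WINDOW:
        raise ValueError(f"size must be 0..{ES_MAX_RESULT_WINDOW}")
    fixed = copy.deepcopy(watch)
    for request in search_requests(fixed.get("input", {})):
        request.setdefault("body", {})["size"] = size
    return fixed

# Constructed sample: the thread's watch, trimmed to the parts the check reads.
SAMPLE_WATCH = {
    "input": {"search": {"request": {
        "indices": ["mylog_qa*"],
        "body": {"query": {"match": {"message": "Exception Warn"}}},
    }}},
    "actions": {"send_email": {"email": {"body": {
        "text": "{{#ctx.payload.hits.hits}}{{_source.message}}\n{{/ctx.payload.hits.hits}}"
    }}}},
}

if __name__ == "__main__":
    print(audit_watch(SAMPLE_WATCH))                 # one finding: no size set
    print(audit_watch(with_size(SAMPLE_WATCH, 50)))  # no findings
```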