Multiple alerts from a single watch script - feasible?

Hi All,

Let me briefly describe the scenario and the objective.

The requirement is to create watcher alerts for different items where the threshold and timeframe are the same.
Now to make it happen, I have created separate watcher scripts because in each script I have mentioned each item in the search criteria like below.

    {
      "match_phrase": {
        "item.keyword": "item_1"
      }
    }

Also I have changed the reporting URL accordingly. See the below sample.

And by doing this, I ended up with 15 watcher scripts (as there are 15 items available in the data). But now we are facing problems managing this many scripts.

Now I am looking for a solution to combine these watcher scripts i.e., I want a single script instead of 15 scripts.

Please let me know if it is possible with the watcher.

See below one of the sample scripts, for item_1.

{
  "trigger": {
    "schedule": {
      "interval": "5m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "test_index"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "must": [
                {
                  "bool": {
                    "minimum_should_match": 1,
                    "should": [
                      {
                        "match_phrase": {
                          "item.keyword": "item_1"
                        }
                      }
                    ]
                  }
                },
                {
                  "match": {
                    "status.keyword": {
                      "query": "Fail"
                    }
                  }
                }
              ],
              "filter": {
                "range": {
                  "transaction_datetime": {
                    "gte": "{{ctx.trigger.scheduled_time}}||-5m",
                    "lte": "{{ctx.trigger.scheduled_time}}",
                    "format": "strict_date_optional_time||epoch_millis"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "if (ctx.payload.hits.total >= params.threshold) { return true; } return false;",
      "lang": "painless",
      "params": {
        "threshold": 10
      }
    }
  },
  "actions": {
    "email_admin": {
      "email": {
        "profile": "standard",
        "attachments": {
          "Dashboard.pdf": {
            "reporting": {
              "url": "http://XXX.XX.X.XX:5601/s/alerting/api/reporting/generate/printablePdf?....time%3A%28from%3Anow-5m%2Cto%3Anow%29%29%26_a%3D%28....%21%27s%2520attachment.%21%27%2Cfilters%3A%21%21%28%28%21%27%24state%21%27%3A%28store%3AappState%29%2Cmeta%3A%28alias%3A%21%21n%2Cdisabled%3A%21%21f%2Cindex%3A%21%2....item.keyword%2Cnegate%3A%21%21f%2Cparams%3A%28query%item_1%29%2Ctype%3Aphrase%29%2Cquery%3A%28match_phrase%3A%28item.keyword%3Aitem_1%29%29%29%29%2CfullScreenMode%3A%21%21f%2Coptions%3A%28hidePanelTitles%3A%21%21f......",
              "auth": {
                "basic": {
                  "username": "elastic",
                  "password": "yourpassword"
                }
              }
            }
          }
        },
        "from": "sender@emailaddress.com",
        "to": [
          "Your Name <youremail@domain.com>"
        ],
        "subject": "Elastic Watcher : item_1",
        "body": {
          "text": "This email is for item_1"
        }
      }
    }
  },
  "transform": {
    "script": {
      "source": "HashMap result = new HashMap(); result.result = ctx.payload.hits.total; return result;",
      "lang": "painless",
      "params": {
        "threshold": 10
      }
    }
  }
}

Note: I have masked/removed some of the information in the script for security reasons.

Regards,

Hi Souvik,

This isn't currently possible in Watcher, due to a variety of reasons.
In fact, this is part of why we introduced the Kibana Alerting feature, as it makes it easier for us to provide this sort of functionality.

Have you explored this offering to see if it matches your needs?
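
One way to keep per-item watches manageable while each item still needs its own watch is to generate all of them from a single template. This is an added example, not code from the thread or from Elastic. The watch ID scheme `fail_alert_<item>`, the `reporting_user` account, the `WATCH_REPORT_PASSWORD` variable and the reporting URL are assumptions or placeholders; the field names and values come from the sample watch above.

```python
import json
import os
import re

# Placeholder, not the real reporting URL (the post elides it); __ITEM__ marks the item.
REPORT_URL = "http://kibana.example:5601/REPORTING_PATH_PLACEHOLDER?item=__ITEM__"

def build_watch(item, username, password, report_url=REPORT_URL, threshold=10, window="5m"):
    """Return the watch body from the post with only the item-specific parts varied."""
    # Conservative allow-list (assumption): the item lands in a watch ID and a URL.
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", item):
        raise ValueError(f"unexpected characters in item name: {item!r}")
    time_range = {"gte": "{{ctx.trigger.scheduled_time}}||-" + window,
                  "lte": "{{ctx.trigger.scheduled_time}}",
                  "format": "strict_date_optional_time||epoch_millis"}
    # The post wraps the single match_phrase in a one-clause "should"; this is equivalent.
    query = {"bool": {"must": [{"match_phrase": {"item.keyword": item}},
                               {"match": {"status.keyword": {"query": "Fail"}}}],
                      "filter": {"range": {"transaction_datetime": time_range}}}}
    reporting = {"url": report_url.replace("__ITEM__", item),
                 "auth": {"basic": {"username": username, "password": password}}}
    email = {"profile": "standard",
             "attachments": {"Dashboard.pdf": {"reporting": reporting}},
             "from": "sender@emailaddress.com",
             "to": ["Your Name <youremail@domain.com>"],
             "subject": f"Elastic Watcher : {item}",
             "body": {"text": f"This email is for {item}"}}
    return {
        "trigger": {"schedule": {"interval": window}},
        "input": {"search": {"request": {
            "search_type": "query_then_fetch", "indices": ["test_index"],
            "rest_total_hits_as_int": True, "body": {"size": 0, "query": query}}}},
        "condition": {"script": {"lang": "painless", "params": {"threshold": threshold},
                                 "source": "return ctx.payload.hits.total >= params.threshold;"}},
        "actions": {"email_admin": {"email": email}},
        "transform": {"script": {"lang": "painless", "source":
            "HashMap result = new HashMap(); result.result = ctx.payload.hits.total; return result;"}},
    }

def build_all(items, username, password):
    """Map a hypothetical watch ID (fail_alert_<item>) to its generated body."""
    return {f"fail_alert_{item}": build_watch(item, username, password) for item in items}

if __name__ == "__main__":
    items = [f"item_{n}" for n in range(1, 16)]  # constructed stand-ins for the 15 items
    # Credential comes from the environment (variable name is an assumption), not the file.
    password = os.environ.get("WATCH_REPORT_PASSWORD", "CHANGE_ME")
    for watch_id, body in build_all(items, "reporting_user", password).items():
        print(f"PUT _watcher/watch/{watch_id}\n{json.dumps(body)}")
```

A change to the threshold, time window or recipients is then made once in the template and pushed to every watch, and the reporting password no longer sits in 15 separate watch definitions.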