hello, i have a watcher, with the time throttle, i used the api ack, i executed it with the id of the watcher and the action, but it did not work, since it does not restart the time throttle, which is what i need so that the alert is executed to me again only once, here i leave the code that i used and the history of the watch
{
"watch_id": "4dd59c8e-3a6a-44c7-be65-8df2c4f39ad5",
"node": "-xhVXkfDTZ68p3QqbSV9Cw",
"state": "throttled",
"status": {
"state": {
"active": true,
"timestamp": "2020-11-26T23:08:34.617Z"
},
"last_checked": "2020-11-27T00:37:34.944Z",
"last_met_condition": "2020-11-27T00:37:34.944Z",
"actions": {
"log": {
"ack": {
"timestamp": "2020-11-26T23:13:34.864Z",
"state": "awaits_successful_execution"
},
"last_execution": {
"timestamp": "2020-11-26T23:09:34.951Z",
"successful": true
},
"last_successful_execution": {
"timestamp": "2020-11-26T23:09:34.951Z",
"successful": true
},
"last_throttle": {
"timestamp": "2020-11-27T00:37:34.944Z",
"reason": "throttling interval is set to [1d] but time elapsed since last execution is [1.4h]"
}
}
},
"execution_state": "throttled",
"version": -1
},
"trigger_event": {
"type": "schedule",
"triggered_time": "2020-11-27T00:37:34.944Z",
"schedule": {
"scheduled_time": "2020-11-27T00:37:34.619Z"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"hear*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"gte": "{{ctx.trigger.scheduled_time}}||-1m",
"lte": "{{ctx.trigger.scheduled_time}}",
"format": "strict_date_optional_time||basic_time_no_millis"
}
}
},
{
"term": {
"monitor.name": "windows7"
}
}
]
}
},
"aggs": {
"metricAgg": {
"max": {
"field": "summary.down"
}
}
}
}
}
}
},
"condition": {
"script": {
"source": "if (ctx.payload.aggregations.metricAgg.value >= params.threshold) { return true; } return false;",
"lang": "painless",
"params": {
"threshold": 0.8
}
}
},
"metadata": {
"name": "Prueba alerta caida conexion",
"xpack": {
"type": "json"
}
},
"result": {
"execution_time": "2020-11-27T00:37:34.944Z",
"execution_duration": 1,
"input": {
"type": "search",
"status": "success",
"payload": {
"_shards": {
"total": 1,
"failed": 0,
"successful": 1,
"skipped": 0
},
"hits": {
"hits": [],
"total": 1,
"max_score": null
},
"took": 0,
"timed_out": false,
"aggregations": {
"metricAgg": {
"value": 1
}
}
},
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"hear*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"gte": "2020-11-27T00:37:34.619Z||-1m",
"lte": "2020-11-27T00:37:34.619Z",
"format": "strict_date_optional_time||basic_time_no_millis"
}
}
},
{
"term": {
"monitor.name": "windows7"
}
}
]
}
},
"aggs": {
"metricAgg": {
"max": {
"field": "summary.down"
}
}
}
}
}
}
},
"condition": {
"type": "script",
"status": "success",
"met": true
},
"transform": {
"type": "script",
"status": "success",
"payload": {
"time_triggered": "2020-11-26 19:37:34"
}
},
"actions": [
{
"id": "log",
"type": "logging",
"status": "throttled",
"reason": "throttling interval is set to [1d] but time elapsed since last execution is [1.4h]"
}
]
},
"messages": []
}
this is the request api ack
PUT _watcher/watch/4dd59c8e-3a6a-44c7-be65-8df2c4f39ad5/_ack/log
and this is the response
{
"status" : {
"state" : {
"active" : true,
"timestamp" : "2020-11-26T23:08:34.617Z"
},
"last_checked" : "2020-11-26T23:21:34.847Z",
"last_met_condition" : "2020-11-26T23:21:34.847Z",
"actions" : {
"log" : {
"ack" : {
"timestamp" : "2020-11-26T23:13:34.864Z",
"state" : "awaits_successful_execution"
},
"last_execution" : {
"timestamp" : "2020-11-26T23:09:34.951Z",
"successful" : true
},
"last_successful_execution" : {
"timestamp" : "2020-11-26T23:09:34.951Z",
"successful" : true
},
"last_throttle" : {
"timestamp" : "2020-11-26T23:21:34.847Z",
"reason" : "throttling interval is set to [1d] but time elapsed since last execution is [11.9m]"
}
}
},
"execution_state" : "throttled",
"version" : 347
}
}
So as far as I'm concerned, my question is how can I restart the throttle without having to run the alert manually.