Not able to execute actions on aggregation results

Hi elastic community,

I've been trying to implement a watcher over http requests and then subsequently triggering an action(mailing here) to send me the reports.

the code i'm trying to execute is :

curl -X PUT 'http://localhost:9200/_watcher/watch/watch_1' -H 'Content-Type: application/json' -d
    {
      "trigger": {
        "schedule": {
          "interval": "5s"
        }
      },
      "input": {
        "search": {
          "request": {
            "indices": [
              "s3"
            ],
            "body": {
              "query": {
                "match": {
                  "type": "GET"
                }
              },
              "size": 0,
              "aggs": {
                "distinct_id": {
                  "terms": {
                    "field": "type.keyword"
                  }
                }
              }
            }
          }
        }
      },
      "condition": {
        "compare": {
          "ctx.payload.aggregations.distinct_id.buckets.0.doc_count": {
            "gt": 4
          }
        }
      },
      "actions": {
        "send_email": {
          "email": {
            "to": "xyz@abc.com",
            "subject": "Watcher Notification",
            "body": " {{ctx.payload.aggregations.distinct_id.buckets.0.doc_count}} requests found"
          }
        }
      }
    }

But i'm not getting any mails moreover even logging action isn't getting executed ...and state of watcher is always "awaits_successful_execution". Maybe there's and issue with the condition part
Watcher details(from browser) are as follows:

{
  "found" : true,
  "_id" : "watch_1",
  "status" : {
    "state" : {
      "active" : true,
      "timestamp" : "2018-07-06T10:17:38.585Z"
    },
    "last_checked" : "2018-07-06T10:33:08.166Z",
    "actions" : {
      "send_email" : {
        "ack" : {
          "timestamp" : "2018-07-06T10:17:38.585Z",
          "state" : "awaits_successful_execution"
        }
      }
    },
    "execution_state" : "execution_not_needed",
    "version" : 239
  },
  "watch" : {
    "trigger" : {
      "schedule" : {
        "interval" : "5s"
      }
    },
    "input" : {
      "search" : {
        "request" : {
          "search_type" : "query_then_fetch",
          "indices" : [
            "s3"
          ],
          "types" : [ ],
          "body" : {
            "query" : {
              "match" : {
                "type" : "GET"
              }
            },
            "size" : 0,
            "aggs" : {
              "distinct_id" : {
                "terms" : {
                  "field" : "type.keyword"
                }
              }
            }
          }
        }
      }
    },
    "condition" : {
      "compare" : {
        "ctx.payload.aggregations.distinct_id.buckets.0.doc_count" : {
          "gt" : 4
        }
      }
    },
    "actions" : {
      "send_email" : {
        "email" : {
          "profile" : "standard",
          "to" : [
            "abc@xyz.com"
          ],
          "subject" : "Watcher Notification",
          "body" : {
            "text" : "{{ctx.payload.aggregations.distinct_id.buckets.0.doc_count}} requests found"
          }
        }
      }
    }
  }
}

The above issue is sorted out, there was a minor error from my side due to which watcher was not getting executed .
Thank you!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.