Offenders in Watcher


(Jason Esposito) #1

Hi all,

Would it be possible to run the following query on a regular basis perhaps in a watcher? And push the output via a webhook?

GET _cat/indices/*?v&s=store.size&bytes=k&format=json



(Tyler Smalley) #2

I don't see why not. You could also just write a script and create a cronjob.

(Jason Esposito) #3

Hi, this is what I have so far:

      "trigger": {
        "schedule": {
          "interval": "2m"
      "input": {
        "http": {
          "request": {
            "scheme": "http",
            "host": "",
            "port": 9200,
            "method": "GET",
            "path": "_cat/indices/tid*?v&s=store.size&bytes=k&format=json",
            "params": {},
            "headers": {},
            "auth": {
              "basic": {
                "username": "Hi",
                "password": "NotReal"

  "actions": {
    "web_hook": {
      "webhook": {
        "scheme": "https",
        "host": "",
        "port": 443,
        "method": "post",
        "path": "/private/staging/alert/create",
        "headers": {
          "x-api-key": "NotReal"
        "body": "{{#toJson}}ctx.payload.offenders{{/toJson}}"
  "throttle_period_in_millis": 120000

There is no condition so the action will always activate.

The webhook works and outputs "{}" as there is no payload. How would I get the payload to be the result of my GET query?

Appreciate your assistance,


(Alexander Reelsen) #5

can you include the output of the execute watch API here please so we can further debug this. I do not see an immediate reason why this should not work.

(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.