Offenders in Watcher

Hi all,

Would it be possible to run the following query on a regular basis perhaps in a watcher? And push the output via a webhook?

GET _cat/indices/*?v&s=store.size&bytes=k&format=json



I don't see why not. You could also just write a script and create a cronjob.

Hi, this is what I have so far:

      "trigger": {
        "schedule": {
          "interval": "2m"
      "input": {
        "http": {
          "request": {
            "scheme": "http",
            "host": "",
            "port": 9200,
            "method": "GET",
            "path": "_cat/indices/tid*?v&s=store.size&bytes=k&format=json",
            "params": {},
            "headers": {},
            "auth": {
              "basic": {
                "username": "Hi",
                "password": "NotReal"

  "actions": {
    "web_hook": {
      "webhook": {
        "scheme": "https",
        "host": "",
        "port": 443,
        "method": "post",
        "path": "/private/staging/alert/create",
        "headers": {
          "x-api-key": "NotReal"
        "body": "{{#toJson}}ctx.payload.offenders{{/toJson}}"
  "throttle_period_in_millis": 120000

There is no condition so the action will always activate.

The webhook works and outputs "{}" as there is no payload. How would I get the payload to be the result of my GET query?

Appreciate your assistance,


can you include the output of the execute watch API here please so we can further debug this. I do not see an immediate reason why this should not work.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.