Offenders in Watcher

alerting

(Jason Esposito) #1

Hi all,

Would it be possible to run the following query on a regular basis perhaps in a watcher? And push the output via a webhook?

GET _cat/indices/*?v&s=store.size&bytes=k&format=json

Regards,

Jason


(Tyler Smalley) #2

I don't see why not. You could also just write a script and create a cronjob.


(Jason Esposito) #3

Hi, this is what I have so far:

{
      "trigger": {
        "schedule": {
          "interval": "2m"
        }
      },
      "input": {
        "http": {
          "request": {
            "scheme": "http",
            "host": "NotReal.eu-west-1.aws.found.io",
            "port": 9200,
            "method": "GET",
            "path": "_cat/indices/tid*?v&s=store.size&bytes=k&format=json",
            "params": {},
            "headers": {},
            "auth": {
              "basic": {
                "username": "Hi",
                "password": "NotReal"
              }
            }
          }
        }

      },
  "actions": {
    "web_hook": {
      "webhook": {
        "scheme": "https",
        "host": "NotReal.NotReal.com",
        "port": 443,
        "method": "post",
        "path": "/private/staging/alert/create",
      
        "headers": {
          "x-api-key": "NotReal"
         },
        "body": "{{#toJson}}ctx.payload.offenders{{/toJson}}"
      }
    }
  },
  "throttle_period_in_millis": 120000
}

There is no condition so the action will always activate.

The webhook works and outputs "{}" as there is no payload. How would I get the payload to be the result of my GET query?

Appreciate your assistance,

Jason


(Alexander Reelsen) #5

can you include the output of the execute watch API here please so we can further debug this. I do not see an immediate reason why this should not work.


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.