Pagerduty action not working using watcher

My watch -

{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"xg_elastalert_status_write_error"
],
"types": [],
"body": {
"query": {
"bool": {
"must": [
{
"bool": {
"should": [
{
"match": {
"_type": "elastalert_error"
}
}
]
}
},
{
"range": {
"@timestamp": {
"gte": "now-100h"
}
}
}
]
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"actions": {
"send_email": {
"email": {
"profile": "standard",
"to": [
"sumitkumar.singh@in.imshealth.com"
],
"subject": "Elastalert Failure {{ctx.payload.hits.hits.0._source.@timestamp}}",
"body": {
"text": "Failure Message : {{ctx.payload.hits.hits.0._source.message}}\n Message: {{ctx.payload.hits.hits.0._source.message}}\n"
}
}
},
"notify-pagerduty" : {
"throttle_period" : "5m",
"pagerduty" : {
"incident_key": "a6bfd96dbf0b4e8393697c11b0954a",
"description" : "Main system down, please check!"
}
}
}
}

Please take your time and properly format your message. This forum supports markdown, so JSON should be put into code snippets, as this will make everything much more readable.

Can you share the output of the execute watch API or of the watch history from a run of that watch, so we can see what happened with the pagerduty action?

```json
{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "xg_elastalert_status_write_error"
        ],
        "types": [],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "bool": {
                    "should": [
                      {
                        "match": {
                          "_type": "elastalert_error"
                        }
                      }
                    ]
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-100h"
                    }
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 0
      }
    }
  },
  "actions": {
    "send_email": {
      "email": {
        "profile": "standard",
        "to": [
          "sumitkumar.singh@in.imshealth.com"
        ],
        "subject": "Elastalert Failure {{ctx.payload.hits.hits.0._source.@timestamp}}",
        "body": {
          "text": "Failure Message : {{ctx.payload.hits.hits.0._source.message}}\n Message: {{ctx.payload.hits.hits.0._source.message}}\n"
        }
      }
    },
    "notify-pagerduty": {
      "throttle_period": "5m",
      "pagerduty": {
        "incident_key": "a6bfd96dbf0b4e8393697c11b0954a",
        "description": "Main system down, please check!"
      }
    }
  }
}
```

Hi Alexander Reelsen,

I wanted to know about the configuration for the pagerduty action using xpack watcher. I checked and found that it requires an account that stores service_api_key in elasticsearch.yml. So, can't we directly use service_api_key in the watcher config? If you have any sample for the pagerduty action with xpack watcher, please do share.

The service_api_key setting should be stored in a keystore. See https://www.elastic.co/guide/en/elasticsearch/reference/7.4/actions-pagerduty.html
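The setup the last reply points to, as an added sketch that is not from the thread or from Elastic: the PagerDuty key is stored in the Elasticsearch keystore under a named account, and the watch action refers to that account by name only, so the key never appears in the watch or in elasticsearch.yml. The account name `my_pagerduty_account`, the `ES_HOME` and `ES_URL` defaults, the function names and an unauthenticated local cluster are assumptions.

```shell
#!/bin/sh
# Added example. ES_HOME, ES_URL, ACCOUNT and all function names are assumptions.
ES_HOME="${ES_HOME:-/usr/share/elasticsearch}"
ES_URL="${ES_URL:-http://localhost:9200}"
ACCOUNT="${ACCOUNT:-my_pagerduty_account}"   # hypothetical account name

# Name of the secure setting that holds the PagerDuty key for one account.
keystore_setting() {
  printf 'xpack.notification.pagerduty.account.%s.secure_service_api_key' "$1"
}

# Prompts for the key, so it stays out of shell history and elasticsearch.yml.
# Run on every node; keystore entries are read when the node starts.
store_key() {
  "$ES_HOME/bin/elasticsearch-keystore" add "$(keystore_setting "$ACCOUNT")"
}

# Body of the "notify-pagerduty" action: it names the account, never the key.
pagerduty_action() {
  cat <<EOF
{
  "throttle_period": "5m",
  "pagerduty": {
    "account": "$1",
    "event": {
      "description": "Main system down, please check!"
    }
  }
}
EOF
}

# Run a stored watch once, forcing the PagerDuty action even if it is throttled.
# The response holds the per-action status under watch_record.result.actions.
execute_watch() {
  curl -s -X POST "$ES_URL/_watcher/watch/$1/_execute?pretty" \
    -H 'Content-Type: application/json' \
    -d '{"action_modes": {"notify-pagerduty": "force_execute"}}'
}

# Usage: script.sh store-key | action | execute <watch_id>
case "${1:-}" in
  store-key) store_key ;;
  action)    pagerduty_action "$ACCOUNT" ;;
  execute)   execute_watch "$2" ;;
esac
```

The `execute` output is the execute watch API result requested earlier in the thread; on a secured cluster, add credentials to the `curl` call.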