Hello,
I have created a watcher using advanced query in ver 7.8.0. The watcher runs and fulfills my requirement.
But I have to reuse the same query for different values (integer). like a function
For each value, The watcher query has to be executed and based on the result, Email action has to be triggered.
Is there a way to achieve this in Watcher advance query?
Please advice.
Thanks
Fredrick
Hi Fredrick, could you help me understand what you're trying to do?
But I have to reuse the same query for different values (integer). like a function
I'm not sure what you mean by this. What's context of the "different values" you mention? "Like a function" in what sense? Could you give me an example of what you want to do? It might help to share the Watcher you're working with.
based on the result, Email action has to be triggered.
What is the condition you'd like to predicate the action upon?
Thanks for your reply @cjcenizal.
Below is my watcher query. This watcher will trigger email when below condition returns 0 documents.
There is key called PARTITION has values from 0 through 9.
In this case, should I have to create 10 individual watcher for PARTITION values 0 through 9 or Is there any way that I can pass the PARTITION values 0 through 9 as argument like calling a function and in a single watcher?
{
"trigger": {
"schedule": {
"interval": "5m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
“*index*”
],
"rest_total_hits_as_int": true,
"body": {
"size": 1,
"query": {
"bool": {
"must": [],
"filter": [
{
"bool": {
"filter": [
{
"bool": {
"should": [
{
"match": {
"APPLICATION_NAME": "orderApp”
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"filter": [
{
"bool": {
"should": [
{
"match": {
"PARTITION": 0
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"match_phrase": {
"message": "orderReceived"
}
}
],
"minimum_should_match": 1
}
},
{
"range": {
"@timestamp": {
"gte": "now-15m"
}
}
}
]
}
}
]
}
}
],
"should": [],
"must_not": []
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"eq": 0
}
}
},
"actions": {
"email_administrator": {
"email": {
"profile": "standard",
"priority": "high",
"to": [“email.com”],
"subject": "Order App Partition 0 - issue ",
"body": {
"text": "Please check with support team"
}
}
}
}
}Ah, I see! Unfortunately I think you're going to have define a unique watcher for each PARTITION that you want to watch.
Feel free to submit an Elasticsearch feature request to add functionality that supports defining multiple inputs, storing their results on ctx, and then accessing the index or some other identifier of the current input within the action, which I believe would allow you to do what you'd like to do.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.