Problem calling the Watcher ack API from a watch when it runs

Hello, I have a problem with a watcher: it gives me an error when it runs. What I need is to use the ack API so that the watch fires its action once and then stays in the acked state. At the moment I have to ack it manually every time the watch runs, so I tried adding a webhook action with a POST method that calls the ack API after the watch has already executed its action (that is, after it has sent the log or email), so that it returns to the acked state. But the webhook action fails with a 401 status code ("missing authentication credentials"), as shown in this execution result:

{
  "watch_id": "58c5e323-5df0-4566-ad25-da439489e3ca",
  "node": "H15umKBYTYuRvpRDKdGnWQ",
  "state": "executed",
  "user": "elastic",
  "status": {
    "state": {
      "active": true,
      "timestamp": "2020-12-09T22:17:47.721Z"
    },
    "last_checked": "2020-12-09T22:19:24.885Z",
    "last_met_condition": "2020-12-09T22:19:24.885Z",
    "actions": {
      "my-logging-action": {
        "ack": {
          "timestamp": "2020-12-09T22:19:24.885Z",
          "state": "ackable"
        },
        "last_execution": {
          "timestamp": "2020-12-09T22:19:24.885Z",
          "successful": true
        },
        "last_successful_execution": {
          "timestamp": "2020-12-09T22:19:24.885Z",
          "successful": true
        }
      },
      "ack-logging": {
        "ack": {
          "timestamp": "2020-12-09T22:17:47.721Z",
          "state": "awaits_successful_execution"
        },
        "last_execution": {
          "timestamp": "2020-12-09T22:19:24.885Z",
          "successful": false,
          "reason": "received [401] status code"
        }
      }
    },
    "execution_state": "executed",
    "version": -1
  },
  "trigger_event": {
    "type": "schedule",
    "triggered_time": "2020-12-09T22:19:24.879Z",
    "schedule": {
      "scheduled_time": "2020-12-09T22:19:24.443Z"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "hear*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                {
                  "range": {
                    "@timestamp": {
                      "gte": "{{ctx.trigger.scheduled_time}}||-2m",
                      "lte": "{{ctx.trigger.scheduled_time}}",
                      "format": "strict_date_optional_time||basic_time_no_millis"
                    }
                  }
                },
                {
                  "term": {
                    "monitor.name": "windows7"
                  }
                }
              ]
            }
          },
          "aggs": {
            "metricAgg": {
              "max": {
                "field": "summary.up"
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "if (ctx.payload.aggregations.metricAgg.value >= params.threshold) { return true; } return false;",
      "lang": "painless",
      "params": {
        "threshold": 0.8
      }
    }
  },
  "metadata": {
    "name": "alerta subida",
    "xpack": {
      "type": "json"
    }
  },
  "result": {
    "execution_time": "2020-12-09T22:19:24.885Z",
    "execution_duration": 6653,
    "input": {
      "type": "search",
      "status": "success",
      "payload": {
        "_shards": {
          "total": 1,
          "failed": 0,
          "successful": 1,
          "skipped": 0
        },
        "hits": {
          "hits": [],
          "total": 2,
          "max_score": null
        },
        "took": 3,
        "timed_out": false,
        "aggregations": {
          "metricAgg": {
            "value": 1
          }
        }
      },
      "search": {
        "request": {
          "search_type": "query_then_fetch",
          "indices": [
            "hear*"
          ],
          "rest_total_hits_as_int": true,
          "body": {
            "size": 0,
            "query": {
              "bool": {
                "filter": [
                  {
                    "range": {
                      "@timestamp": {
                        "gte": "2020-12-09T22:19:24.443Z||-2m",
                        "lte": "2020-12-09T22:19:24.443Z",
                        "format": "strict_date_optional_time||basic_time_no_millis"
                      }
                    }
                  },
                  {
                    "term": {
                      "monitor.name": "windows7"
                    }
                  }
                ]
              }
            },
            "aggs": {
              "metricAgg": {
                "max": {
                  "field": "summary.up"
                }
              }
            }
          }
        }
      }
    },
    "condition": {
      "type": "script",
      "status": "success",
      "met": true
    },
    "transform": {
      "type": "script",
      "status": "success",
      "payload": {
        "time_triggered": "2020-12-09 17:19:24"
      }
    },
    "actions": [
      {
        "id": "my-logging-action",
        "type": "logging",
        "status": "success",
        "logging": {
          "logged_text": "EL EQUIPO WINDOWS7 HA RESTABLECIDO LA CONEXION"
        }
      },
      {
        "id": "ack-logging",
        "type": "webhook",
        "status": "failure",
        "reason": "received [401] status code",
        "webhook": {
          "request": {
            "host": "localhost",
            "port": 9200,
            "scheme": "http",
            "method": "post",
            "path": "_watcher/watch/58c5e323-5df0-4566-ad25-da439489e3ca/_ack/my-logging-action"
          },
          "response": {
            "status": 401,
            "headers": {
              "www-authenticate": [
                "Basic realm=\"security\" charset=\"UTF-8\"",
                "ApiKey"
              ],
              "content-type": [
                "application/json; charset=UTF-8"
              ]
            },
            "body": "{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/_watcher/watch/58c5e323-5df0-4566-ad25-da439489e3ca/_ack/my-logging-action]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/_watcher/watch/58c5e323-5df0-4566-ad25-da439489e3ca/_ack/my-logging-action]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\"ApiKey\"]}},\"status\":401}"
          }
        }
      }
    ]
  },
  "messages": []
}

P.S.: I have already tried throttling, but the problem is that it only runs once, i.e. it sends the mail or the log a single time. What I want is for the watch to send the log or email only once when the computer goes down; then, when the condition becomes false (I mean, when the computer is up again and shows 'OK') and the computer later goes down again, the watch should send that log or email again.

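This is the watch definition (note that the `ack-logging` webhook is sent over plain `http` with empty `headers` and no credentials):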

{
  "trigger": {
    "schedule": {
      "interval": "2m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "hear*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                {
                  "range": {
                    "@timestamp": {
                      "gte": "{{ctx.trigger.scheduled_time}}||-2m",
                      "lte": "{{ctx.trigger.scheduled_time}}",
                      "format": "strict_date_optional_time||basic_time_no_millis"
                    }
                  }
                },
                {
                  "term": {
                    "monitor.name": "windows7"
                  }
                }
              ]
            }
          },
          "aggs": {
            "metricAgg": {
              "max": {
                "field": "summary.up"
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "if (ctx.payload.aggregations.metricAgg.value >= params.threshold) { return true; } return false;",
      "lang": "painless",
      "params": {
        "threshold": 0.8
      }
    }
  },
  "actions": {
    "my-logging-action": {
      "logging": {
        "level": "info",
        "text": "EL EQUIPO WINDOWS7 HA RESTABLECIDO LA CONEXION"
      }
    },
    "ack-logging": {
      "webhook": {
        "scheme": "http",
        "host": "localhost",
        "port": 9200,
        "method": "post",
        "path": "_watcher/watch/58c5e323-5df0-4566-ad25-da439489e3ca/_ack/my-logging-action",
        "params": {},
        "headers": {}
      }
    }
  },
  "transform": {
    "script": {
      "source": "return [ 'time_triggered': Instant.ofEpochMilli(ctx.trigger.triggered_time.getMillis()).atZone(ZoneId.of('America/Bogota')).format(DateTimeFormatter.ofPattern('YYYY-MM-dd HH:mm:ss')) ];",
      "lang": "painless"
    }
  }
}
