Search command

Pororo · February 27, 2018, 2:35am

This is my watcher setting.

PUT _xpack/watcher/watch/EmailTest
{
  "trigger" : {
    "schedule" : {
      "interval" : "1m"
    }
  },
  "input" : {
    "search" : {
      "query" : {
        "bool" : {
          "filter" : {
            "range" : {
              "@timestamp": {
                "from": "now-1m",
                "to": "now"
              }
            }
          }
        }
      }
    }
  },
  "condition" : {
    "compare" :{
      "ctx.payload.hits.total": {
        "gt": 20
      }
    }
  },
  "actions" : {
    "email_admin" : {
      "email" : {
        "from" : "good456@gmail.com",
        "to" : "good123@gmail.com",
        "subject" : "Error Monitoring Report",
        "priority" : "high"
      }
    }
  }
}

When I run it, it pops up the error "reason": "could not parse [search] input for watch [alphaEmailTest]. unexpected token [START_OBJECT]"

spinscale · February 27, 2018, 12:49pm

there is a request field missing, see https://www.elastic.co/guide/en/x-pack/6.2/input-search.html

system · March 27, 2018, 12:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.