Search command

Pororo · February 27, 2018, 2:35am

This is my watcher setting.

PUT _xpack/watcher/watch/EmailTest
{
  "trigger" : {
    "schedule" : {
      "interval" : "1m"
    }
  },
  "input" : {
    "search" : {
      "query" : {
        "bool" : {
          "filter" : {
            "range" : {
              "@timestamp": {
                "from": "now-1m",
                "to": "now"
              }
            }
          }
        }
      }
    }
  },
  "condition" : {
    "compare" :{
      "ctx.payload.hits.total": {
        "gt": 20
      }
    }
  },
  "actions" : {
    "email_admin" : {
      "email" : {
        "from" : "good456@gmail.com",
        "to" : "good123@gmail.com",
        "subject" : "Error Monitoring Report",
        "priority" : "high"
      }
    }
  }
}

When I run it, it pops up the error "reason": "could not parse [search] input for watch [alphaEmailTest]. unexpected token [START_OBJECT]"

spinscale · February 27, 2018, 12:49pm

there is a request field missing, see https://www.elastic.co/guide/en/x-pack/6.2/input-search.html

system · March 27, 2018, 12:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Watcher error unexpected token [START_OBJECT]" Elasticsearch	1	1960	July 5, 2017
Error creating a watch unexpected token [START_OBJECT]" Elasticsearch elastic-stack-alerting	4	3753	July 6, 2017
Cannot read search request \| Watcher Kibana elastic-stack-alerting	3	446	September 12, 2019
Problem creating Watch - unable to parse [search] input Elasticsearch elastic-stack-alerting	3	2743	July 6, 2017
ParsingException[Unknown key for a START_OBJECT in [filter].] Elasticsearch	4	6399	November 15, 2017

Search command

Related topics