Setting up a watcher is seems harder than it should be

I used the following command to enable Watcher:

PUT _cluster/settings { "persistent": { "xpack.monitoring.collection.enabled": true } }

When I goto the Watcher to create a watcher, there is no timestamp field. Do I have to create it manually?

Why did you think you needed to set that setting?

What are you creating a watch on? What does it look like? What does the source index look like?

when I ran:
GET _cluster/settings

The setting was set to false.So, I set it to true. That's what the docs said to do.

As far as what alert I want, I just want to get anything going, I've never used it before.

Ok no worries!

It's still not clear what you want to be alerted on here. What is the data source?

a few weeks ago we had an outage.
I'd like to test CPU threshold, or even the system available at all?

Makes sense. How are you sending this data to Elasticsearch, are you using Beats? Or are you specifically looking to alert on the data Elasticsearch collects on itself?

I'm using the Cloud.

You need to be a little more explicit please.
What Cloud? CPU/uptime etc is a concept, but we need to translate that to an actual datasource that you want to generate alerts on.

I amusing the Elastic Cloud Service.

I want to know when users cannot get any data from the cluster.
We exposed the service to the web in the form of a search engine.

I want ti know when my web app cannot get any data for reasons on the Elastic side.

That is something I suspect you will need to monitor from outside the cluster. If the cluster for some reason was to end up in trouble and not being able to serve requests it may not be able to run Watcher either meaning you would not get any alert.

I would also recommend against exposing your cluster directly to the internet as you may open yourself up to DDOS attacks or other activities.

so I should rely on the Observability Cluster?

FYI: Our Elastic is hidden behind a web service, not totally public.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.