I am wondering about a particular use case. I am using Watcher to send a webhook to an external alert tracking mechanism when a watch condition is met. The external system receives the event and creates an incident ticket in our enterprise service desk. This is pretty easy to set up with Watcher.
Our policies dictate that when an alert (in this case my watch) is restored, the alerting system sends a "stand down" event to the helpdesk, which will close the incident ticket. Since watches don't maintain an internal state over time, I'm wondering how to implement this.
Right now I am considering having two watches set up per condition, one for detecting "system down" events and another for detecting "system ok" events. Each watch would send either the "system ok" or "system down" event to the same endpoint and update the ticket status accordingly.
To me this seems a bit kludgy, and I'm wondering if anyone here has any thoughts on how to achieve this or has done something similar in their own implementation.
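The two-watch approach described in the post above, as an added example (not code from the original thread or from Elastic). It generates both watches from one template so they cannot drift apart, and puts the same `correlation_key` into both webhook bodies so the helpdesk can match the "ok" event to the ticket opened by the "down" event. Assumptions not in the original: Watcher 2.x with watches stored via `PUT /_watcher/watch/<id>`; heartbeat documents with a `service` field and `@timestamp` in an index `heartbeat-*`; and a helpdesk webhook at `HELPDESK_HOST` / `HELPDESK_PATH` that accepts a JSON body with `event` and `correlation_key` fields.

```python
"""Paired "system down" / "system ok" watches for a stateless Watcher.

Added example for this thread; not code from the original post or from
Elastic. Assumptions (not in the original):
  - Watcher 2.x, where a watch is stored with PUT /_watcher/watch/<id>;
  - the monitored service writes heartbeat documents with a "service"
    field and "@timestamp" to the index HEARTBEAT_INDEX;
  - the helpdesk webhook accepts a JSON body with "event" ("down"/"ok")
    and a "correlation_key" it uses to find the ticket the "down" event
    opened, so that the "ok" event can close it.
"""
import json
import urllib.request

HELPDESK_HOST = "helpdesk.example.internal"  # assumed external alert tracker
HELPDESK_PATH = "/api/events"                # assumed webhook path
HEARTBEAT_INDEX = "heartbeat-*"              # assumed index of heartbeat docs
THROTTLE = "15m"  # resend the same event at most every 15 min while the state persists


def event_payload(state: str, service: str) -> dict:
    """Body sent to the helpdesk. Both watches use the same correlation_key,
    which is what lets the external system tie "ok" to the ticket from "down".
    The {{...}} values are Watcher mustache templates rendered at execution."""
    return {
        "event": state,  # "down" opens a ticket, "ok" stands it down
        "correlation_key": f"{service}-availability",
        "service": service,
        "watch_id": "{{ctx.watch_id}}",
        "fired_at": "{{ctx.execution_time}}",
    }


def make_watch(state: str, service: str, interval: str = "1m") -> dict:
    """Build one watch definition.

    Both watches run the same search (heartbeats from `service` in the last
    `interval`) and differ only in the condition: "down" fires when no
    heartbeat arrived, "ok" fires when at least one did.
    """
    if state not in ("down", "ok"):
        raise ValueError("state must be 'down' or 'ok'")
    condition = {"lt": 1} if state == "down" else {"gt": 0}
    return {
        "metadata": {"service": service, "state": state},
        "trigger": {"schedule": {"interval": interval}},
        "input": {"search": {"request": {
            "indices": [HEARTBEAT_INDEX],
            "body": {"query": {"bool": {"filter": [
                {"term": {"service": service}},
                {"range": {"@timestamp": {"gte": f"now-{interval}"}}},
            ]}}},
        }}},
        # compare condition on the hit count returned by the search input
        "condition": {"compare": {"ctx.payload.hits.total": condition}},
        "actions": {"notify_helpdesk": {
            "throttle_period": THROTTLE,
            "webhook": {
                "scheme": "https",
                "host": HELPDESK_HOST,
                "port": 443,
                "method": "post",
                "path": HELPDESK_PATH,
                "headers": {"Content-Type": "application/json"},
                "body": json.dumps(event_payload(state, service)),
            },
        }},
    }


def watch_pair(service: str) -> dict:
    """The two watches for one condition, keyed by watch id."""
    return {
        f"{service}-down": make_watch("down", service),
        f"{service}-ok": make_watch("ok", service),
    }


def put_watches(es_url: str, service: str) -> list:
    """Store both watches in Watcher; returns the HTTP status codes.
    This is the only network call, so it runs only when invoked explicitly."""
    statuses = []
    for watch_id, body in watch_pair(service).items():
        req = urllib.request.Request(
            f"{es_url}/_watcher/watch/{watch_id}",
            data=json.dumps(body).encode(),
            method="PUT",
            headers={"Content-Type": "application/json"},
        )
        with urllib.request.urlopen(req) as resp:
            statuses.append(resp.status)
    return statuses


if __name__ == "__main__":
    # Print the definitions instead of storing them, so this runs offline.
    print(json.dumps(watch_pair("web-frontend"), indent=2))
```

Two caveats with this pattern. The "ok" watch keeps meeting its condition for as long as the system is healthy, so `throttle_period` only limits how often the stand-down repeats; the helpdesk endpoint must treat a stand-down for a ticket that is already closed (or never existed) as a no-op. And because neither watch knows what the other sent, the correlation key, not Watcher, is what carries the state between the two events.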
This is indeed a bit clunky at the moment; we intend to improve this by being able to access data from previous watch runs in the context in the future. What you could do now
Is there a version where using conditions within an action became available? I am using Elasticsearch 2.2 and receiving the error "unknown action type [condition]".