Simple watcher syntax help

Fredrik_Cronholm · August 18, 2020, 1:21pm

Hi!
I trying my first watcher, and being a newbie I have trouble with the basics.
I'd like to filter out the events for the last 10 minutes, but somewhere I have made (I suppose) a simple syntax error. Anyone can point me in the right direction?

       PUT _watcher/watch/log_critical_watch
    {
      "trigger" : {
        "schedule" : { "interval" : "60s" } 
      },
      "input" : {
        "search" : {
          "request" : {
            "indices" : [ "business" ],
            "body" : {
              "query" : {
                 "match" : { "value.ACTIVITY_DETECTION_STATUS.keyword": "Major" },
                  "filter":{ "range":  { "value.MEASUREMENT_START_TIMESTAMP":{"gte": "now-10m/m","lte":"now/m" }}}
              }
              }
            }
          }
        }
      }

Fredrik_Cronholm · August 18, 2020, 1:48pm

Fixed it

PUT _watcher/watch/log_error_watch
{
  "trigger" : {
    "schedule" : { "interval" : "60s" } 
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "business" ],
        "body" : {
          "query" : {
               "bool": { 
      "must": [
        { "match": { "value.ACTIVITY_DETECTION_STATUS.keyword": "Major"}}
        ],
      "filter": [ 
        { "range":  { "value.MEASUREMENT_START_TIMESTAMP":{"gte": "now-10m/m","lte":"now/m" }}}
      ]
    }
          }
        }
      }
    }
  }
}

system · September 15, 2020, 1:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.