I am trying to configure Slack notifications using X-Pack. After hours of playing around with the config and help from the community, I was able to find the approximately correct config for Slack alerts. But the messages still aren't getting delivered to the Slack channel, but I can see entries in .watch-history*. I have given my configs below. I am not sure what I am doing wrong. Please let me know whether any of my config is wrong.
PUT _watcher/watch/log_error_watch
{
  "trigger" : { "schedule" : { "interval" : "30s" } },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "logs" ],
        "body" : {
          "query" : {
            "range" : {
              "date" : {
                "gt" : "now-1h",
                "lt" : "now-2h"
              }
            }
          }
        }
      }
    }
  },
  "condition" : {
    "compare" : { "ctx.payload.hits.total" : { "gt" : 100000 }}
  },
  "actions" : {
    "notify-slack" : {
      "throttle_period" : "5s",
      "slack" : {
        "message" : {
          "to" : [ "#elasticsearch" ],
          "text" : "{{ctx.payload.hits.total}} errors indexed in an hour"
        }
      }
    }
  }
}
User Settings
xpack.notification.slack:
  account:
    monitoring:
      url: <URL>
      message_defaults:
        from: x-pack
        to: notifications
        icon: http://example.com/images/watcher-icon.jpg
        attachment:
          fallback: "X-Pack Notification"
          color: "#36a64f"
          title: "X-Pack Notification"
          title_link: "https://www.elastic.co/guide/en/x-pack/current/index.html"
          text: "One of your watches generated this notification."
spinscale
(Alexander Reelsen)
February 4, 2017, 6:15pm
2
Would you mind sharing the latest watch history entry or alternatively run the execute watch API for this specific watch and share that output?
Thank you!
{
  "_index": ".watcher-history-1-2017.02.04",
  "_type": "watch_record",
  "_id": "log_error_watch_0-2017-02-04T16:25:29.550Z",
  "_score": null,
  "_source": {
    "watch_id": "log_error_watch",
    "state": "execution_not_needed",
    "trigger_event": {
      "type": "schedule",
      "triggered_time": "2017-02-04T16:25:29.550Z",
      "schedule": {
        "scheduled_time": "2017-02-04T16:25:29.550Z"
      }
    },
    "input": {
      "search": {
        "request": {
          "search_type": "query_then_fetch",
          "indices": [
            "logs"
          ],
          "types": [],
          "body": {
            "query": {
              "range": {
                "date": {
                  "gt": "now-1h",
                  "lt": "now-2h"
                }
              }
            }
          }
        }
      }
    },
    "condition": {
      "compare": {
        "ctx.payload.hits.total": {
          "gt": 100000
        }
      }
    },
    "result": {
      "execution_time": "2017-02-04T16:25:29.550Z",
      "execution_duration": 1,
      "input": {
        "type": "search",
        "status": "success",
        "payload": {
          "_shards": {
            "total": 11,
            "failed": 0,
            "successful": 11
          },
          "hits": {
            "hits": [],
            "total": 0,
            "max_score": null
          },
          "took": 1,
          "timed_out": false
        },
        "search": {
          "request": {
            "search_type": "query_then_fetch",
            "indices": [
              "logs"
            ],
            "types": [],
            "body": {
              "query": {
                "range": {
                  "date": {
                    "gt": "now-1h",
                    "lt": "now-2h"
                  }
                }
              }
            }
          }
        }
      },
      "condition": {
        "type": "compare",
        "status": "success",
        "met": false,
        "compare": {
          "resolved_values": {
            "ctx.payload.hits.total": 0
          }
        }
      },
      "actions": []
    },
    "messages": []
  },
  "fields": {
    "result.execution_time": [
      1486225529550
    ],
    "trigger_event.schedule.scheduled_time": [
      1486225529550
    ],
    "trigger_event.triggered_time": [
      1486225529550
    ]
  },
  "sort": [
    1486225529550
  ]
}
spinscale
(Alexander Reelsen)
February 4, 2017, 8:40pm
4
Hey,
when you check out the condition part of the watch history, you can spot that the condition is not met and thus no action executed. Under result.input.payload you can see that the search hit 11 shards, but yielded no results.
Maybe your search is not working as expected?
--Alex
@spinscale Thank you. That worked. Really appreciate your help.
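An added example, not part of the original thread: a Python triage of the watch history record above that reports why no Slack action ran and flags range clauses whose relative bounds cannot overlap (here `gt: now-1h` together with `lt: now-2h`). `SAMPLE_RECORD` is a constructed, trimmed copy of the posted record's `_source`; the function names are hypothetical, and only simple `now±N[smhd]` date math is handled.

```python
import re

# Constructed sample: the thread's watch history record, trimmed to the fields used here.
SAMPLE_RECORD = {
    "watch_id": "log_error_watch", "state": "execution_not_needed",
    "input": {"search": {"request": {"body": {"query": {"range": {
        "date": {"gt": "now-1h", "lt": "now-2h"}}}}}}},
    "result": {"input": {"payload": {"hits": {"total": 0}}},
               "condition": {"met": False, "compare": {
                   "resolved_values": {"ctx.payload.hits.total": 0}}},
               "actions": []}}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def offset_seconds(expr):
    """Seconds relative to now for simple date math ('now', 'now-1h'), else None."""
    m = re.fullmatch(r"now(?:([+-])(\d+)([smhd]))?", str(expr))
    if not m:
        return None
    sign = -1 if m.group(1) == "-" else 1
    return sign * int(m.group(2) or 0) * UNITS.get(m.group(3), 1)

def empty_ranges(node):
    """Fields whose range lower bound lies after the upper bound, so nothing matches."""
    if isinstance(node, list):
        return [f for child in node for f in empty_ranges(child)]
    if not isinstance(node, dict):
        return []
    found = [f for child in node.values() for f in empty_ranges(child)]
    rng = node.get("range")
    for field, b in (rng.items() if isinstance(rng, dict) else []):
        if isinstance(b, dict):
            lo = offset_seconds(b.get("gt", b.get("gte")))
            hi = offset_seconds(b.get("lt", b.get("lte")))
            if lo is not None and hi is not None and lo > hi:
                found.append(field)
    return found

def diagnose(record):
    """Findings that explain why a watch run sent no notification."""
    result, findings = record.get("result", {}), []
    cond = result.get("condition", {})
    if cond.get("met") is False and not result.get("actions"):
        values = cond.get("compare", {}).get("resolved_values", {})
        findings.append("condition not met, no action ran; resolved values: %s" % values)
    if result.get("input", {}).get("payload", {}).get("hits", {}).get("total") == 0:
        findings.append("search returned 0 hits")
    for field in empty_ranges(record.get("input", {})):
        findings.append("range on '%s': lower bound is after upper bound" % field)
    return findings
```

Calling `diagnose()` on the `_source` of a `.watcher-history-*` document returns the list of findings; an empty list means the run executed its actions and the delivery side is the next place to look.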