Spike detection in Elasticsearch

I am trying to get something like this set up with Watcher; I would appreciate it if anyone points me in the right direction. Basically I want my conditions to be more dynamic rather than just a greater-than / less-than match.

You will probably want to add more information to this in order for someone to be able to help you. What problem are you trying to solve? Could you explain "I want my conditions to be more dynamic rather than just greater than / less than match" a bit more? What conditions do you want to apply? And lastly, what have you tried so far when creating a Watch?

I've just noticed you are talking about Watcher in the text of your question but the link is for Elastalert. Which one are you trying to use? Watcher or Elastalert?

Hi,

Sorry I should be more clear about my question.

The script I put before (https://github.com/Yelp/elastalert/blob/master/example_rules/example_spike.yaml) is from the product https://github.com/Yelp/elastalert. It represents the typical use case for spike detection.

For example, we get a steady stream of errors in our logs, let's say 20 errors per 30 mins on average. However, in case of a node / service failure in our microservice architecture, it has a ripple effect and the error count spikes to 100+. A human observer monitoring the Kibana board can clearly find the anomaly.

The Elastalert product addresses this use case. However, I would like to try to use Watcher to address the same use case. The reason being, as a commercial product, I can hope there are a lot more features to come from Watcher.
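As an added example that is not part of the original post, and not ElastAlert's or Watcher's own code: the "dynamic" condition described above (current window compared with the recent baseline instead of a fixed threshold), first as plain Python run over a constructed stream of error timestamps, then as the Watcher watch body it corresponds to. The parameter names mirror ElastAlert's spike rule as I understand them (timeframe, spike_height, spike_type, threshold_cur); the index pattern `logs-*`, the `level`/`ERROR` field and value, the `@timestamp` field, the `log_spike` logging action and the Elasticsearch 5.x+ watch syntax are all assumptions.

```python
"""Spike detection for an error-count stream, plus the equivalent Watcher watch.

Added example, not code from the thread, from ElastAlert or from Watcher.
Index pattern, field names and the logging action are assumptions.
"""
from datetime import datetime, timedelta, timezone
import json

# Fixed "now" so the constructed sample below is reproducible.
NOW = datetime(2016, 6, 1, 12, 0, tzinfo=timezone.utc)
TIMEFRAME = timedelta(minutes=30)


def count_in_window(events, start, end):
    """Number of event timestamps with start <= ts < end."""
    return sum(1 for ts in events if start <= ts < end)


def is_spike(events, now=NOW, timeframe=TIMEFRAME, spike_height=3.0,
             spike_type="up", threshold_cur=0, lookback_windows=6):
    """Compare the current window with the mean of the preceding windows.

    Returns (triggered, current_count, reference_mean). Averaging several
    reference windows keeps one unusually quiet window from making ordinary
    traffic look like a spike.
    """
    cur = count_in_window(events, now - timeframe, now)
    ref_start = now - timeframe * (lookback_windows + 1)
    ref = count_in_window(events, ref_start, now - timeframe) / lookback_windows

    if cur < threshold_cur:            # too little traffic to be worth an alert
        return False, cur, ref
    if ref == 0:                       # silence before: any traffic counts as "up"
        up, down = cur > 0, False
    else:
        ratio = cur / ref
        up, down = ratio >= spike_height, ratio <= 1 / spike_height
    triggered = {"up": up, "down": down, "both": up or down}[spike_type]
    return triggered, cur, ref


def build_sample(now=NOW, timeframe=TIMEFRAME, baseline=20, current=100, windows=6):
    """Constructed sample (not real log data): `baseline` evenly spaced errors
    in each of `windows` reference windows, then `current` errors in the most
    recent window, i.e. the 20-per-30-min baseline with a 100+ spike."""
    events = []
    for w in range(windows, 0, -1):
        start = now - timeframe * (w + 1)
        events += [start + timeframe * i / baseline for i in range(baseline)]
    start = now - timeframe
    events += [start + timeframe * i / current for i in range(current)]
    return events


def build_watch(index="logs-*", level_field="level", level_value="ERROR",
                timeframe_minutes=30, lookback_windows=6, spike_height=3.0):
    """The same comparison as a Watcher watch (assumed 5.x+ syntax): one search
    with two keyed date_range buckets and a Painless script condition, so the
    threshold is derived from the data rather than hard-coded."""
    tf = f"{timeframe_minutes}m"
    ref_from = f"now-{timeframe_minutes * (lookback_windows + 1)}m"
    return {
        "trigger": {"schedule": {"interval": tf}},
        "input": {"search": {"request": {
            "indices": [index],
            "body": {
                "size": 0,
                "query": {"bool": {"filter": [
                    {"term": {level_field: level_value}},
                    {"range": {"@timestamp": {"gte": ref_from, "lt": "now"}}},
                ]}},
                "aggs": {"windows": {"date_range": {
                    "field": "@timestamp",
                    "keyed": True,
                    "ranges": [
                        {"key": "reference", "from": ref_from, "to": f"now-{tf}"},
                        {"key": "current", "from": f"now-{tf}", "to": "now"},
                    ],
                }}},
            },
        }}},
        "condition": {"script": {"lang": "painless", "source": (
            "def b = ctx.payload.aggregations.windows.buckets; "
            f"double ref = b.reference.doc_count / {float(lookback_windows)}; "
            f"return b.current.doc_count > 0 && b.current.doc_count >= {spike_height} * ref;"
        )}},
        "actions": {"log_spike": {"logging": {"text":
            "Error spike: {{ctx.payload.aggregations.windows.buckets.current.doc_count}}"
            " errors in the last " + tf}}},
    }


if __name__ == "__main__":
    hit, cur, ref = is_spike(build_sample())
    print(f"spike={hit} current={cur} reference_mean={ref:.1f}")
    print(json.dumps(build_watch(), indent=2))
```

The watch runs the search every 30 minutes, and the script condition replaces the fixed `gt` comparison with "current bucket at least `spike_height` times the per-window mean of the reference bucket". The `b.current.doc_count > 0` guard matters: with an empty reference window the right-hand side is zero and a bare `>=` would fire on every run, which is the same edge case the Python version handles with its `ref == 0` branch.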

Ok, thanks for clarifying. I'll move this topic back to the Watcher category, as I think it was moved to Elasticsearch because someone thought you were talking about Elastalert.