@timestamp in .watcher.history-*

Elastic Stack Kibana
1

I am trying to visualise alerts metrics in Kibana. Since the results.actions are stored in an array, I am trying to query the watcher history and with watcher index action to create my own index where I can aggregate the data.
I have written this query but since .watcher-history doesn't seem to have a @timestamp I can't give it a range.
Do you have any suggestions on how to work around this problem? Or a better idea on how to visualise alert metrics in Kibana?

Thanks

GET .watcher-history-*/_search
{
  "size": 0,
  "query": {
    "exists": {
      "field": "result.actions"
    }
  },
  "aggs": {
    "WatchId": {
      "terms": {
        "field": "watch_id",
        "size": 23
      },
      "aggs": {
        "top_hit_status": {
          "top_hits": {
            "_source": {
              "includes": [
                "result.actions*"
              ]
            },
            "size": 100
          }
        }
      }
    }
  }
}
2

You shouldn't ever have to query a system index to meet a goal like this. I don't see why using the Watcher index action alone isn't enough: when the watch triggers, you can index whatever you want (metrics). Then, you can visualize the data you index. The important things: work off of an index that you control. Don't look to the system internals for this.

Would tracking your own metrics in an index action this be enough to "visualize alert metrics"?

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.