Hi All,
We are trying to run the API call for "GET /_cat/indices" through a watcher , but we are not able to receive the data .
Could anyone please help us with the correct script for running the above GET command through the watcher?
Thanks and Regards,
Nalin Anand
Hi Rich,
The script that is mentioned in the GitHub link is regarding violators count in shards.
Is there anyway in which we could get the output of "GET /_cat/indices" in our mails directly through the watcher?
Regards,
Nalin
Of course, this was just a representative example of using watcher to hit an HTTP endpoint and format the results. If you want to change the endpoint, then just do that. If you don't want to format the results, you can remove the transform sections. The bare-bones example of this would look something like:
POST _watcher/watch/_execute
{
"watch": {
"trigger": {
"schedule": {
"interval": "1d"
}
},
"input": {
"http": {
"request": {
"host": "mycluster-name.es.us-central1.gcp.cloud.es.io",
"port": 9243,
"scheme": "https",
"path": "/_cat/indices",
"params": {
"format": "json",
"bytes": "b",
"human": "true"
},
"headers": {},
"auth": {
"basic": {
"username": "elastic",
"password": "xxx"
}
}
}
}
},
"condition": {
"script": "return true;"
},
"actions": {
"displayResults": {
"logging": {
"text": "the output is: {{ctx.payload}}"
}
}
}
}
}
And the unformatted output would look something like:
"the output is: {_headers={content-type=[application/json], x-found-handling-cluster=[71bbfab0891a4b02acf6c5a5ff286fd9], x-cloud-request-id=[tPrexYvzRdigrVx5hg3gOw], x-elastic-product=[Elasticsearch], date=[Wed, 21 Sep 2022 13:59:42 GMT], x-found-handling-instance=[instance-0000000000]}, data=[{health=green, status=open, index=kibana_sample_data_logs, uuid=iJw6Xf-JQ5mu_vXPge3y2A, pri=1, rep=0, docs.count=14074, docs.deleted=0, store.size=8778892, pri.store.size=8778892}, {health=yellow, status=open, index=kibana_sample_data_logs_rollup, uuid=b3LG3Gy7Sdm07MyGn1uEbA, pri=1, rep=1, docs.count=1912, docs.deleted=0, store.size=659460, pri.store.size=659460}], _status_code=200}"
Hi Rich,
Thanks for the reply.
We were trying a similar code for the past few days, but getting some other error.
Now after using your code, we are getting another error:
could not parse [http] input for watch [ag4c694d-e6e5-4687-a2c7-a4002673329c]. failed to parse http request template
When we tried using schema: "http" , we are getting below output :
_value=Client sent an HTTP request to an HTTPS server.\n, _status_code=400
Could you please suggest that the host should be the Elasticsearch endpoint or Kibana endpoint?
And the username should be the Kibana user or Elasticsearch user?
The watcher that we are using currently is below:
{
"trigger": {
"schedule": {
"interval": "1d"
}
},
"input": {
"http": {
"request": {
"scheme": "https",
"host": "??????",
"port": 9244,
"method": "get",
"path": "/_cat/indices",
"params": {
"format": "json",
"human": "true",
"bytes": "b"
},
"headers": {},
"auth": {
"basic": {
"username": "Elastic",
"password": "::es_redacted::"
}
}
}
}
},
"condition": {
"script": {
"source": "return true;",
"lang": "painless"
}
},
"actions": {
"displayResults": {
"logging": {
"level": "info",
"text": "the output is: {{ctx.payload}}"
}
}
}
}
Thank you so much for the response, Rich.
Currently, we are getting authentication issue with the elasticsearch endpoint and trying to sort out the User privilege issue.
Hi Rich,
We are able to get the output as an attachment in the below format:
ctx:
metadata:
name: "Watcher_Test"
xpack:
type: "json"
watch_id: "bf2c4567d-e6e5-4687-b2d7-##########"
payload:
index:
- health: "green"
status: "open"
index: ""
uuid: "********"
pri: "1"
rep: "1"
docs.count: "487"
docs.deleted: "0"
store.size: "0"
pri.store.size: "0"
Is there any way that we could print only the index, store.size and pri.store.size in the body of the mail itself?
Watcher:
{
"trigger": {
"schedule": {
"interval": "2m"
}
},
"input": {
"http": {
"request": {
"scheme": "https",
"host": "<>",
"port": 9243,
"method": "get",
"path": "/_cat/indices",
"params": {
"format": "yaml",
"human": "true",
"bytes": "mb"
},
"headers": {},
"auth": {
"basic": {
"username": "elastic",
"password": "**"
}
}
}
}
},
"condition": {
"script": {
"source": "return true;",
"lang": "painless"
}
},
"actions": {
"displayResults": {
"logging": {
"level": "info",
"text": "the output is: {{ctx.payload.data}}"
}
},
"email_administrator": {
"email": {
"profile": "standard",
"attachments": {
"index.yml": {
"data": {
"format": "yaml"
}
}
},
"to": [
"Nalin.27*@gmail.com"
],
"subject": "Watcher Notification",
"body": {
"text": "{{ctx.payload.data}}"
}
}
}
}
Just change the actions section to include a transform to select only the things you want to print. Something like:
"displayResults": {
"transform": {
"script": """
def index_data = new ArrayList();
for (def index : ctx.payload.data) {
index_data.add("index=" + index['index'] + " :: pri.store.size=" + index['pri.store.size'] + " :: store.size=" + index['store.size']);
}
return index_data;
"""
},
"logging": {
"text": "{{ctx.payload}}"
}
}
}
Which would yield something similar to:
"{_value=[index=kibana_sample_data_logs :: pri.store.size=9054433 :: store.size=18046404, index=mydata-2022.01.01 :: pri.store.size=4253 :: store.size=8506]}"
Thank you so much for the response, Rich.
We were able to produce the data in a tabular form.
Regards,
Nalin
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.