Trigger in Elasticsearch

I'm working in a startup and I got the task of writing a trigger for error logs,
but now when I'm using

```
PUT _watcher/watch/diagnostic_monitor
{
  "metadata" : {
    "color" : "red"
  },
  "trigger" : {
    "schedule" : {
      "interval" : "5m"
    }
  }
}
```

Getting this error: `{"Message":"Your request: '/_watcher/watch/diagnostic_monitor' is not allowed."}`. I'm using devtool for sending.

What is it you are trying to achieve?

I want to make the trigger after every 10 min to see the error logs and send it back to the API response.

If you can help me out it will be really great

Your watcher is not complete. There is no input, condition and action.

full code is here

```
PUT _watcher/watch/diagnostic_monitor
{
  "metadata" : {
    "color" : "red"
  },
  "trigger" : {
    "schedule" : {
      "interval" : "5m"
    }
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : "log-events",
        "body" : {
          "size" : 0,
          "query" : { "match" : { "status" : "error" } }
        }
      }
    }
  },
  "condition" : {
    "compare" : { "ctx.payload.hits.total" : { "gt" : 5 }}
  },
  "transform" : {
    "search" : {
        "request" : {
          "indices" : "log-events",
          "body" : {
            "query" : { "match" : { "status" : "error" } }
          }
        }
    }
  },
  "actions" : {
    "my_webhook" : {
      "webhook" : {
        "method" : "POST",
        "host" : "mylisteninghost",
        "port" : 9200,
        "path" : "/{{watch_id}}",
        "body" : "Encountered {{ctx.payload.hits.total}} errors"
      }
    },
    "email_administrator" : {
      "email" : {
        "to" : "sys.admino@host.domain",
        "subject" : "Encountered {{ctx.payload.hits.total}} errors",
        "body" : "Too many error in the system, see attached data",
        "attachments" : {
          "attached_data" : {
            "data" : {
              "format" : "json"
            }
          }
        },
        "priority" : "high"
      }
    }
  }
}
```

Hey, can you tell me what I should put here: `PUT _watcher/watch/diagnostic_monitor`?

Why am I getting this error?
`{"Message":"Your request: '/_watcher/watch/diagnostic_monitor' is not allowed."}`
I'm using devtool for sending.

Which version of Elasticsearch are you using?

I'm sending the query using the devtool login webapp.

That was not what I asked. What do you get if you curl Elasticsearch, e.g. curl localhost:9200?

curl: (7) Failed to connect to localhost port 9200: Connection refused

You may need to change the command if you have secured your cluster. If you are using Kibana devtools you can instead run GET /.

I want to create the watcher, so for that I need to send the same query I sent, right?
How will I use GET there?

It would tell me which version of Elasticsearch you are using, which I asked about earlier.

```
{
  "name" : "fa6807f386fd134b5bc80e6dfd6cf5fd",
  "cluster_name" : "359065796489:vista-dev-open",
  "cluster_uuid" : "QOv0GsdDTciWgCNMG2qJJg",
  "version" : {
    "number" : "7.10.2",
    "build_flavor" : "oss",
    "build_type" : "tar",
    "build_hash" : "unknown",
    "build_date" : "2021-05-21T20:25:46.519671Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
```

That explains it. Watcher requires the default distribution and is not available in the oss distribution. If you look at the subscriptions page it would also require a commercial subscription.

Ok, so that is why it is saying `{"Message":"Your request: '/_watcher/watch/diagnostic_monitor' is not allowed."}`,
not allowed?

As your build does not contain this functionality I suspect that is a generic error message for a non-existent endpoint. If you have some third-party security plugin installed it could also come from that.

How can I check if my build contains this functionality or not?
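
One way to answer the question above, as an added example that is not code from the thread: a Python check over the parsed `GET /` response and, for a default-distribution build, the `GET /_xpack` response. The sample responses are constructed (the first uses the version values posted above), and `watcher_status` is a hypothetical helper name.

```python
import json

# Constructed sample: trimmed "GET /" body using the version values posted in the thread.
ROOT_OSS = json.loads("""{
  "version": {"number": "7.10.2", "build_flavor": "oss", "build_type": "tar"}
}""")

# Constructed samples: trimmed "GET /_xpack" bodies from a default-distribution build.
XPACK_BASIC = {"license": {"type": "basic", "status": "active"},
               "features": {"watcher": {"available": False, "enabled": True}}}
XPACK_PAID = {"license": {"type": "platinum", "status": "active"},
              "features": {"watcher": {"available": True, "enabled": True}}}


def watcher_status(root_info, xpack_info=None):
    """Return (usable, reason) from parsed GET / and optional GET /_xpack bodies."""
    flavor = root_info.get("version", {}).get("build_flavor")
    if flavor == "oss":
        # The oss distribution ships without X-Pack, so no _watcher endpoints exist.
        return False, "oss build: Watcher is not included"
    if flavor != "default":
        return False, f"unrecognised build_flavor {flavor!r}; cannot confirm Watcher"
    if xpack_info is None:
        return False, "default build, but GET /_xpack is needed to check the license"
    watcher = xpack_info.get("features", {}).get("watcher")
    if watcher is None:
        return False, "GET /_xpack lists no watcher feature"
    if not watcher.get("enabled", False):
        return False, "watcher is present but disabled"
    if not watcher.get("available", False):
        # "available" is false when the current license does not cover the feature.
        license_type = xpack_info.get("license", {}).get("type", "unknown")
        return False, f"watcher is not available under the {license_type} license"
    return True, "watcher is available and enabled"


if __name__ == "__main__":
    root_default = {"version": {"build_flavor": "default"}}  # constructed
    for label, args in [("oss", (ROOT_OSS,)),
                        ("default + basic", (root_default, XPACK_BASIC)),
                        ("default + platinum", (root_default, XPACK_PAID))]:
        print(label, "->", watcher_status(*args))
```
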