Hi Team,
I am trying to create a watcher for one error message, but I am stuck. I followed the steps in the Elasticsearch documentation:
https://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-getting-started.html
Code :-
PUT _watcher/watch/log_error_watch
{
"trigger" : { "schedule" : { "interval" : "10s" }},
"input" : {
"search" : {
"request" : {
"indices" : [ "logs" ],
"body" : {
"query" : {
"match" : { "message": "error" }
}
}
}
}
},
"condition" : {
"compare" : { "ctx.payload.hits.total.value" : { "gt" : 0 }}
},
"actions" : {
"log_error" : {
"logging" : {
"text" : "Found {{ctx.payload.hits.total.value}} errors in the logs"
}
}
}
}
Index creation :-
POST logs/event
{
"timestamp" : "2020-03-24T07:03:51.685Z",
"request" : "GET index.html",
"status_code" : 404,
"message" : "error: File not found"
}
Result of executing the watch manually:
POST _watcher/watch/log_error_watch/_execute
{
"_id" : "log_error_watch_c99f9ae7-12ed-4331-b3bc-c148664b1653-2020-03-24T08:33:40.678448Z",
"watch_record" : {
"watch_id" : "log_error_watch",
"node" : "vBu9Vw1NSH2ipE1QZMbl7g",
"state" : "execution_not_needed",
"user" : "YeruvaS",
"status" : {
"state" : {
"active" : true,
"timestamp" : "2020-03-24T08:22:31.849Z"
},
"last_checked" : "2020-03-24T08:33:40.678Z",
"actions" : {
"log_error" : {
"ack" : {
"timestamp" : "2020-03-24T08:22:31.849Z",
"state" : "awaits_successful_execution"
}
}
},
"execution_state" : "execution_not_needed",
"version" : 714
},
"trigger_event" : {
"type" : "manual",
"triggered_time" : "2020-03-24T08:33:40.678Z",
"manual" : {
"schedule" : {
"scheduled_time" : "2020-03-24T08:33:40.678Z"
}
}
},
"input" : {
"search" : {
"request" : {
"search_type" : "query_then_fetch",
"indices" : [
"logs"
],
"rest_total_hits_as_int" : true,
"body" : {
"query" : {
"match" : {
"message" : "error"
}
}
}
}
}
},
"condition" : {
"compare" : {
"ctx.payload.hits.total.value" : {
"gt" : 0
}
}
},
"result" : {
"execution_time" : "2020-03-24T08:33:40.678Z",
"execution_duration" : 1,
"input" : {
"type" : "search",
"status" : "success",
"payload" : {
"_shards" : {
"total" : 1,
"failed" : 0,
"successful" : 1,
"skipped" : 0
},
"hits" : {
"hits" : [
{
"_index" : "logs",
"_type" : "event",
"_source" : {
"request" : "GET index.html",
"status_code" : 404,
"message" : "error: File not found",
"timestamp" : "2020-03-24T07:03:51.685Z"
},
"_id" : "p2ujC3EBS96CV1bgIWb_",
"_score" : 0.18232156
},
{
"_index" : "logs",
"_type" : "event",
"_source" : {
"request" : "GET index.html",
"status_code" : 404,
"message" : "error: File not found",
"timestamp" : "2020-03-24T07:03:51.685Z"
},
"_id" : "5WujC3EBS96CV1bgKGZ5",
"_score" : 0.18232156
}
],
"total" : 2,
"max_score" : 0.18232156
},
"took" : 0,
"timed_out" : false
},
"search" : {
"request" : {
"search_type" : "query_then_fetch",
"indices" : [
"logs"
],
"rest_total_hits_as_int" : true,
"body" : {
"query" : {
"match" : {
"message" : "error"
}
}
}
}
}
},
"condition" : {
"type" : "compare",
"status" : "success",
**"met" : false**,
"compare" : {
"resolved_values" : {
**"ctx.payload.hits.total.value" : null**
}
}
},
"actions" : [ ]
},
"messages" : [ ]
}
}
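But the condition evaluates to false even though the search returned 2 hits. `ctx.payload.hits.total.value` resolves to null, while the payload above shows `"total" : 2` as a plain number (the executed request has `"rest_total_hits_as_int" : true`):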
"condition" : {
"type" : "compare",
"status" : "success",
"met" : false,
"compare" : {
"resolved_values" : {
"ctx.payload.hits.total.value" : null
}
}
}
Can you please point me in the right direction to solve this issue?