Unable to register watcher

alerting

(Priyanku Konar) #1

Continuing the discussion from Issue with Watcher:

I am having issues registering the watcher based on the getting started demo under
https://www.elastic.co/guide/en/watcher/current/watch-log-data.html

Below is the error I get:

[2015-05-28 12:39:17,100][DEBUG][action.search.type       ] [American Samurai] [logs][0], node[FDXYqgw_SqGU86gVwBEwKA], [P], s[STARTED]: Failed to execute [org.elasticsearch.action.search.SearchRequest@1d3da7f5] lastShard [true] org.elasticsearch.search.SearchParseException: [logs][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"match":{"message":"error"}}]]
        at org.elasticsearch.search.SearchService.parseSource(SearchService.java:721)
        at org.elasticsearch.search.SearchService.createContext(SearchService.java:557)
        at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:529)
        at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:291)
        at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:231)
        at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:228)
        at org.elasticsearch.search.action.SearchServiceTransportAction$23.run(SearchServiceTransportAction.java:559)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: org.elasticsearch.search.SearchParseException: [logs][0]: from[-1],size[-1]: Parse Failure [No parser for element [match]]
        at org.elasticsearch.search.SearchService.parseSource(SearchService.java:703)
        ... 9 more
[2015-05-28 12:39:17,170][DEBUG][action.search.type       ] [American Samurai] All shards failed for phase: [query] org.elasticsearch.search.SearchParseException: [logs][4]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"match":{"message":"error"}}]]
    at org.elasticsearch.search.SearchService.parseSource(SearchService.java:721)
    at org.elasticsearch.search.SearchService.createContext(SearchService.java:557)
    at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:529)
    at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:291)
    at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:231)
    at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:228)
    at org.elasticsearch.search.action.SearchServiceTransportAction$23.run(SearchServiceTransportAction.java:559)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.elasticsearch.search.SearchParseException: [logs][4]: from[-1],size[-1]: Parse Failure [No parser for element [match]]
    at org.elasticsearch.search.SearchService.parseSource(SearchService.java:703)
    ... 9 more
[2015-05-28 12:39:17,200][WARN ][watcher.execution        ] [American Samurai] failed to execute watch [log_error_watch]/[log_error_watch_29-2015-05-28T07:09:17.090Z], failure [SearchPhaseExecutionException[Failed to execute phase [query], all shards failed; shardFailures {[FDXYqgw_SqGU86gVwBEwKA][logs][0]: SearchParse Exception[[logs][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"match":{"message":"error"}}]]]; nested: SearchParseException[[logs][0]: from[-1],size[-1]: Parse Failure [No parser for element [match]]];  {[FDXYqgw_SqGU86gVwBEwKA][logs][1]: SearchParseException[[logs][1]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"match":{"message":"error"}}]]]; nested: SearchParseException[[logs][1]: from[-1],size[-1]: Parse Failure [No parser for element [match]]]; }{[FDXYqgw_SqGU86gVwBEwKA][logs][2]: SearchParseException[[logs][2]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"match":{"message":"error"}}]]]; nested: SearchParseException[[logs][2]: from[-1],size[-1]: Parse Failure [No parser for element [match]]]; }{[FDXYqgw_SqGU86gVwBEwKA][logs][3]: SearchParseException[[logs][3]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"match":{"message":"error"}}]]]; nested: SearchParseException[[logs][3]: from[-1],size[-1]: Parse Failure [No parser for element [match]]]; }{[FDXYqgw_SqGU86gVwBEwKA][logs][4]: SearchParseException[[logs][4]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"match":{"message":"error"}}]]]; nested: SearchParseException[[logs][4]: from[-1],size[-1]: Parse Failure [No parser for element [match]]]; }]]

I used the request below:

PUT _watcher/watch/log_error_watch
{
  "trigger" : {
    "schedule" : { "interval" : "10s" } 
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "logs" ],
        "body" : {
          "match" : { "message": "error" }
        }
      }
    }
  }    
}

(Uri Boness) #2

So the body field holds the same content as you'd typically put in the body of a _search request to Elasticsearch. Currently, the body is missing the "query" field. It should be:

{
  "trigger": {
    "schedule": {
      "interval": "10s"
    }
  },
  "input": {
    "search": {
      "request": {
        "indices": [
          "logs"
        ],
        "body": {
          "query" : {
            "match": {
              "message": "error"
            }
          }
        }
      }
    }
  }
}
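
Added example (not part of the original posts, and not Watcher's own code): a pre-registration lint that catches the mistake discussed above, a query clause placed directly in the search input's body instead of under "query", so a log-monitoring watch does not fail on every scheduled run. The two key sets and the function names are assumptions made for this sketch and are not exhaustive.

```python
import copy
import json

# Assumption: a non-exhaustive set of top-level keys accepted in a _search
# request body, chosen for this example.
SEARCH_BODY_KEYS = {"query", "post_filter", "from", "size", "sort", "aggs",
                    "aggregations", "fields", "_source", "highlight",
                    "min_score", "timeout"}
# Assumption: a non-exhaustive set of query DSL clause names.
QUERY_CLAUSES = {"match", "match_all", "term", "terms", "range", "bool",
                 "query_string", "prefix", "wildcard", "filtered"}


def lint_watch(watch):
    """Return a list of problems found in the search input body of a watch."""
    body = (watch.get("input", {}).get("search", {})
                 .get("request", {}).get("body"))
    if body is None:
        return []
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    problems = []
    for key in body:
        if key in QUERY_CLAUSES:
            problems.append(f'"{key}" is a query clause; nest it under "query"')
        elif key not in SEARCH_BODY_KEYS:
            problems.append(f'"{key}" is not a known search body element')
    return problems


def wrap_bare_query(watch):
    """Return a copy with a single bare query clause moved under "query"."""
    fixed = copy.deepcopy(watch)
    request = fixed["input"]["search"]["request"]
    body = request["body"]
    if len(body) == 1 and next(iter(body)) in QUERY_CLAUSES:
        request["body"] = {"query": body}
    return fixed


# Constructed input: the watch definition from post #1.
BROKEN = json.loads("""
{"trigger": {"schedule": {"interval": "10s"}},
 "input": {"search": {"request": {"indices": ["logs"],
   "body": {"match": {"message": "error"}}}}}}
""")

if __name__ == "__main__":
    print(lint_watch(BROKEN))
    print(json.dumps(wrap_bare_query(BROKEN)["input"], indent=2))
```
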

(Uri Boness) #3

We just noticed that there was an error in the docs around this... now fixed: https://www.elastic.co/guide/en/watcher/current/watch-log-data.html#log-add-input

